Public Login Server Exploit

[image]

in Client.cpp of the Login Server the logged in flag is set too early:

Code:

void Client::Handle_Login(const char* data, unsigned int size)
{
        if(status != cs_waiting_for_login)
        {
                server_log->Log(log_network_error, "Login recieved after already having logged in.");
                return;
        }

        if((size - 12) % 8 != 0)
        {
                server_log->Log(log_network_error, "Login recieved packet of size: %u, this would cause a block corruption, discarding.", size);
                return;
        }

        status = cs_logged_in; // this should be removed ****

It belongs further down:

Code:

	if(server.db->GetLoginDataFromAccountName(e_user, d_pass_hash, d_account_id, groupid, is_activated) == false)
	{
		server_log->Log(log_client_error, "Error logging in, user %s does not exist in the database.", e_user.c_str());
		result = false;
	}
	else
	{
		if(d_pass_hash.compare(e_hash) == 0)
		{
			result = true;
		}
		else
		{
			result = false;
		}

	if(result)
	{
		status = cs_logged_in; // we add it here - the password was valid