Admin messages

Need help with SmartFoxServer? You didn't find an answer in our documentation? Please, post your questions here!

Moderators: Lapo, Bax

User avatar
WoWoX
Posts: 16
Joined: 18 May 2013, 13:25

Admin messages

Postby WoWoX » 28 Feb 2014, 17:07

Hello, I am having an issue. "Hackers" are able to use a packet editing program to send the admin message packet:

<msg t='sys'><body action='dmnMsg' r='0'><user id='177252' /><txt><![CDATA[admin message]]></txt></body></msg>.

They can put any user's ID in there and it will send the admin message to them.
Could you guys please tell me the different ways in which I can fix this issue?
Thanks.
User avatar
Bax
Site Admin
Posts: 4609
Joined: 29 Mar 2005, 09:50
Location: Italy
Contact:

Re: Admin messages

Postby Bax » 01 Mar 2014, 11:39

The hacker should be connected to SmartFoxServer as an administrator to be able to send admin messages.
Even if he sends that xml, the server discards it because the user credentials are checked against the server settings.
Paolo Bax
The SmartFoxServer Team

Return to “SmartFoxServer 1.x Discussions and Help”

Who is online

Users browsing this forum: No registered users and 34 guests