SmartFoxServer PRO flaw


Zaseth

Re: SmartFoxServer PRO flaw

Postby Zaseth » 21 Mar 2017, 14:40

Lapo wrote:
Zaseth wrote:Well again, we couldn't record the user's packets since he sent them with a special tool to the port 9718. So we couldn't record the packets.

Why not? A packet capture utility such as Wireshark (which is free) can capture any network traffic.

As I already said over 5 times, we couldn't record his packets. I tried with Wireshark and WPE. When he did a !global command, I only got the valid globalmsg packet. Not his actual input data. This flaw is not on our side, but in your software.
Lapo

Re: SmartFoxServer PRO flaw

Postby Lapo » 21 Mar 2017, 14:58

Zaseth wrote:As I already said over 5 times, we couldn't record his packets. I tried with Wireshark and WPE. When he did a !global command, I only got the valid globalmsg packet. Not his actual input data.

I am not sure what you're trying to say here. But this is making little sense.

Wireshark captures any traffic at any level of the network hierarchy, so gathering a few TCP requests towards SFS is really not a big deal, provided of course that you know how to do it, which may not be the case here.

Zaseth wrote:This flaw is not on our side, but in your software.

Maybe it is so, but I also hope you understand that without a shred of clue, log data, packet capture or whatever we have no way of helping.

Also I find it difficult to believe that you can't turn on the DEBUG feature of the server for a single day to capture the traffic ... Seriously, you don't have a spare 50-100MB on your server HD?

In any case, we're available to help you out if you ever decide to send us any useful information about this case.

Thanks
Lapo
--
gotoAndPlay()
...addicted to flash games
Zaseth

Re: SmartFoxServer PRO flaw

Postby Zaseth » 23 Mar 2017, 14:08

Lapo wrote:
Zaseth wrote:As I already said over 5 times, we couldn't record his packets. I tried with Wireshark and WPE. When he did a !global command, I only got the valid globalmsg packet. Not his actual input data.

I am not sure what you're trying to say here. But this is making little sense.

Wireshark captures any traffic at any level of the network hierarchy, so gathering a few TCP requests towards SFS is really not a big deal, provided of course that you know how to do it, which may not be the case here.

Zaseth wrote:This flaw is not on our side, but in your software.

Maybe it is so, but I also hope you understand that without a shred of clue, log data, packet capture or whatever we have no way of helping.

Also I find it difficult to believe that you can't turn on the DEBUG feature of the server for a single day to capture the traffic ... Seriously, you don't have a spare 50-100MB on your server HD?

In any case, we're available to help you out if you ever decide to send us any useful information about this case.

Thanks


Well first of all, debug logs will fill our HDD. We got our logs on finest and they are 20+ GB each. Second of all, I am pretty sure how to use Wireshark. And last but not least, we are just reporting the flaw. You don't have to fix it if you want to stay as a LQ business. I honestly don't care if you guys will fix this flaw since we got away with it. The user is now nice to us. I'm just reporting to you what I know. I couldn't record him sending the CDATA packets. End of that story. I even had a .pcap file of it, but again, his CDATA packets are not in it. Have fun fixing the flaw. I won't be awake for hours with your replies. You will since it's a flaw on your side. Please mark this as "Probably Fixed" or "Fixed"
Lapo

Re: SmartFoxServer PRO flaw

Postby Lapo » 23 Mar 2017, 14:32

Zaseth,
the only requirement for us to fix any bug is to provide enough details that clarify what the problem is.

You have been claiming for over 10 posts that you absolutely positively know that you've been attacked via a CDATA flaw in SmartFoxServer PRO but you have zero evidence for it, and you won't provide any because of various excuses.

I am not sure why you keep complaining.

This thread is now closed and locked.
Lapo
