If you're wondering where I've been recently in terms of updates, that will all become apparent tomorrow as my 100+ script update syncs over from the development server. Sadly none of these updates are interesting, just a mass security update for CSRF exploits. In the end the original idea of monitoring what scripts people came from fell through as it could be bypassed with the clever use of frames and JavaScript.
Instead this update will use unique tokens generated on scripts that are about to do something, then passed to the scripts that actually perform the action and checked. This change will mean that you cannot use the back button and then perform most actions. I'll be monitoring how much of an impact this has on players and how often this error occurs over the coming days.
This security fix has required me to manually edit pretty much every script in the game that performs any action. It was very boring and involved thousands of lines of copying and pasting, but now it is done. As a result, image tags will be re-enabled on forums after this update goes live. I'll also be posting proof-of-concept code of this exploit for anyone interested or worried that it may affect other sites.
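The one-time token scheme described in the post above, sketched as an added Python example that is not the game's own code. The class, session ids and action names are constructed for illustration; it shows why a back-button resubmit is rejected in the same way as a forged cross-site request.

```python
import hmac
import secrets


class OneTimeTokens:
    """Per-session store of single-use action tokens (hypothetical helper)."""

    def __init__(self, max_pending=20):
        self.max_pending = max_pending
        self.pending = {}  # session_id -> list of (action, token), oldest first

    def issue(self, session_id, action):
        """Called by the script that renders the form or link for an action."""
        token = secrets.token_urlsafe(32)
        queue = self.pending.setdefault(session_id, [])
        queue.append((action, token))
        # Keep only the newest tokens so one session cannot grow the list forever.
        del queue[:-self.max_pending]
        return token

    def consume(self, session_id, action, submitted):
        """Called by the script that performs the action; True at most once per token."""
        queue = self.pending.get(session_id, [])
        candidate = (submitted or "").encode()
        for i, (stored_action, token) in enumerate(queue):
            # Constant-time comparison of the token value.
            if stored_action == action and hmac.compare_digest(token.encode(), candidate):
                del queue[i]  # single use: a replay will not find it again
                return True
        return False


def demo():
    """Constructed walk-through of the four cases a performing script sees."""
    store = OneTimeTokens()
    token = store.issue("session-A", "clear_guard")
    first = store.consume("session-A", "clear_guard", token)    # normal submit
    replay = store.consume("session-A", "clear_guard", token)   # back button, same token
    forged = store.consume("session-A", "clear_guard", "guess") # cross-site request
    other = store.issue("session-A", "clear_guard")
    wrong_action = store.consume("session-A", "send_gold", other)  # token bound to action
    return first, replay, forged, wrong_action


if __name__ == "__main__":
    print(demo())
```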
LordPain
"good and bad "
Cyclone
"Well said LordPain. And thanks for publishing the proof of concept code Zorg, that will be good to review."
Aaron
"please oh please do not affect guard clearing in WL..."
rollin340
"You went through all of that? Aw...you do care."
Arryn
"Aaron, you use back button on guard clearing? Doubt that's so much faster..."
KillaSanta
"Back button doesn't work for me on clearing guards and anything else still takes an extra click for me.. so meh?"
RottenJr
"Back button for clearing WL guards is how I do it so fast with lower leveled guards and is much faster. Otherwise, images in sigs coming back "
ExDeath
"Glad I never used the back button anyway "
HappyDays
"wow"
Cunha
"i'm with you... it's boring but someone has to do it. "
CodeHydro
"Ah, so this explains why, while playing the slots on dev the other day, that the "play again" button kept giving an error."
tuhvel1
"Aww man.... clearing guards is gonna be such a pain in the ...... without the back button."
anialator
"People use back for guard clearing? Yaaaaaaay Images coming back, time to make some horrendously shocking forum signatures "
Nemesis
"Thanks for the hard work zorg "
junglewolf
"no back button "
noctem
"lol don't know what any of that means but thanks for the time "