Get Some
Games => Strategy => DayZ => Topic started by: Lias on May 15, 2014, 12:27:54 pm
-
An extremely unfortunate event for DayZ Standalone‘s developer Bohemia Interactive seems to have recently occurred. Based on a now-removed forum thread (mirrored here) on game hacking forum Unknown Cheats, it appears that the DayZ source code may have been stolen from the Czech video game developer’s servers via SQL injection.
The alleged attacker going by the alias “DevDomo” posted evidence that he or she gained access to Bohemia’s servers by posting several images of alleged source code files and his or her method of access. I reached out to Bohemia Interactive and asked about the validity of DevDomo’s claims, and they confirmed that they have “detected an attack ” on some of their servers. They went on to say “the precise nature and scope of this attack is currently being extensively investigated.”
Since this situation came to my attention, it appears that a PDB tool for debugging the DayZ executable has been released by both DevDomo and fellow Unknown Cheats user “drwhat”. The tool may open up the possibility of new hacks and exploits for DayZ Standalone.
Bohemia Interactive confirmed with us that no user data was accessible from the attacked servers and that current developer goals and schedules for their games have not been affected. More information about the attack is said to be released as Bohemia’s investigation continues. We’ll keep you up to date on the situation.
- See more at: http://www.relyonhorror.com/latest-news/bohemia-interactives-servers-hacked-dayz-source-code-possibly-stolen/#sthash.4j2oUF4H.dpuf (http://www.relyonhorror.com/latest-news/bohemia-interactives-servers-hacked-dayz-source-code-possibly-stolen/#sthash.4j2oUF4H.dpuf)
-
lol at SQL injection, you're security would have to "; DELETE FROM dbo.Users WHERE userid = 'Lias'
-
lol at SQL injection, you're security would have to "; DELETE FROM dbo.Users WHERE userid = 'Lias'
lol
-
From building some pages recently with craigor its quite interesting how easy some of this stuff is, even posting your own content to a form submit page and then looking at the $_REQUEST value that it returns can yield some scary information.
IMO if your making something public, even in alpha, it should be locked down.
-
lol at SQL injection, you're security would have to "; DELETE FROM dbo.Users WHERE userid = 'Lias'
Not really, you could inject it into a html request like an unsecured or forced 500 error that then parses through., or a in cases of some flash players or Java on a site injecting it as it runs using fiddler mid request.
sql injection attacks are some of the easiest to perform and sometime not in the easiest of places to have secured for functionality reasons.