Hola,
antes que nada les quiero mostrar un codigo:
public static void Login(IClient client, String password)
{
String owner = Settings.Get("owner");
if (!String.IsNullOrEmpty(owner))
if (password == owner)
{
client.Registered = true;
client.Captcha = true;
client.Owner = true;
Events.LoginGranted(client);
client.Level = ILevel.Host;
using (SHA1 sha1 = SHA1.Create())
client.Password = sha1.ComputeHash(Encoding.UTF8.GetBytes(owner));
if (client.Quarantined)
client.Unquarantine();
CaptchaManager.AddCaptcha(client);
ServerCore.Log(client.Name + " logged in with the room owner account");
return;
}
using (SHA1 sha1 = SHA1.Create())
{
byte[] pwd = sha1.ComputeHash(Encoding.UTF8.GetBytes(password));
Account a = Settings.Get("strict") ?
list.Find(x => x.Password.SequenceEqual(pwd) && x.Guid.Equals(client.Guid)) :
list.Find(x => x.Password.SequenceEqual(pwd));
if (a != null)
{
client.Registered = true;
client.Captcha = true;
Events.LoginGranted(client);
client.Level = a.Level;
client.Password = a.Password;
if (client.Quarantined)
client.Unquarantine();
CaptchaManager.AddCaptcha(client);
ServerCore.Log(client.Name + " logged in with " + a.Name + "'s account [level designation: " + a.Level + "]");
return;
}
}
Events.InvalidLoginAttempt(client);
}
Cuando quiere loguearse con la contrasena hace esto en Ares: /login
Hay una forma de hacer una inyeccion de codigo?
Por ejemplo enviando esto:? /login " $ "{owner}
O algo parecido para los que saben de C#?
Gracias y saludos