[TF2 Stats] With Web Ranking and Item Logger [v9.1.0] - Page 226

Sobuno · 07-17-2012 , 12:04 Re: [TF2 Stats] With Web Ranking and Item Logger [v9.0.0]

Quote:

Originally Posted by eraserhead

I don't really understand what that page is about but i know heinisblog is from Galadril, he made the currently used webstats part of this plugin.

The page is stating that a 0-day vulnerability (A previously unknown vulnerability, i.e. it has not been patched) has been found in a webapp made by Heinosblog and that said webapps can be found by googling intext:"Powered by Heinisblog". The vulnerability is an SQL injection, which means it is done by injecting a piece of code into an unprotected string. Let me give an example courtesy of Wikipedia (With additional explanations/modifications by me):

Suppose we have a table called userinfo. On a profile page, we have a query into this table that asks for all info regarding a specific user. This query could look like this:

Code:

SELECT * FROM userinfo WHERE id=$userid

where $userid is the variable part of the query, which could be fetched from the address line (Such as http://example.com/user.php?id=1337)

If this value is not protected in some way, a malicious user can insert whatever he likes as the id. Suppose he chooses to insert "1;DROP TABLE users;" (Without quotes) as the id. This gives us the query (Actually two queries, but that's not important):

Code:

SELECT * FROM userinfo WHERE id=1;DROP TABLE userinfo;

The first part fetches the user information as it is originally intended. The semicolon is used to mark the ending of a query, however, and the next query is much more malicious; it deletes the entire userinfo table.

As such, SQL exploits can be nasty. I am not saying that there is one in the web interface (A quick glance at it showed that the author has covered the most common pitfalls), but it is worth taking a backup of your data now and then.

eraserhead · *Last edited by eraserhead; 07-18-2012 at 07:03.*

Hey Sobuno, nice to see you're still lurking here. And thanks for explaining. :-)

Sobuno · 07-18-2012 , 13:18 Re: [TF2 Stats] With Web Ranking and Item Logger [v9.0.0]

Quote:

Originally Posted by eraserhead

Hey Sobuno, nice to see you're still lurking here. And thanks for explaining. :-)

Not still lurking, I visited the site for the first time since my last post yesterday as I am trying TF2 again (Mostly to see if I can even snipe anymore, having only played League of Legends for the last 6 months)

sirphr · *Last edited by sirphr; 07-21-2012 at 01:51.*

Hey
I receive a php error in the stats

Code:

Fatal error: Invalid IP in /______/______/______/stats/player.php on line 351

I know someone has stated to make a cvar NULL or leave it blank... which does somewhat work... it allows you look at your own stats but you still can not look at others. Is there a fix for this?

Sillium · 07-25-2012 , 04:21 Re: [TF2 Stats] With Web Ranking and Item Logger [v9.0.0]

When you look at the SQL-Tables you'll see that the IP in the entry is 0.
Remove all entries with an IP of 0.

But I don't know why this happens.

casper10 · *Last edited by casper10; 07-26-2012 at 04:57.*

There is a parameter:

rank_removeoldplayers "1" //Enable automatic removal of players who don't connect within a specific number of days. (Old records will be removed on round end).

I have dm_duel_pro_rc4 map and round ends never. Is there any other way, how to remove "old" players? If not - can you add anything like it - maybe command or check after server restart and plugin reload or so.

Thank you.

casper10 · 07-26-2012 , 09:17 Re: [TF2 Stats] With Web Ranking and Item Logger [v9.0.0]

Help me please with this error-log file:

L 07/25/2012 - 01

7:09: SourceMod error session started
L 07/25/2012 - 01

7:09: Info (map "dm_duel_pro_rc4") (file "errors_20120725.log")
L 07/25/2012 - 01

7:09: [SM] Native "IsClientInGame" reported: Client index 0 is invalid
L 07/25/2012 - 01

7:09: [SM] Displaying call stack trace for plugin "TF2_Stats.smx":
L 07/25/2012 - 01

7:09: [SM] [0] Line 4262, C:\sourcemod-1.4.1-release\TF2_Stats.sp::Command_Say()
L 07/25/2012 - 01:57:58: [SM] Native "IsClientInGame" reported: Client index 0 is invalid
L 07/25/2012 - 01:57:58: [SM] Displaying call stack trace for plugin "TF2_Stats.smx":
L 07/25/2012 - 01:57:58: [SM] [0] Line 4262, C:\sourcemod-1.4.1-release\TF2_Stats.sp::Command_Say()
THX

**DarthNinja** · 07-26-2012 , 17:02 Re: [TF2 Stats] With Web Ranking and Item Logger [v9.0.0]

Are you running replay or SourceTV?

casper10 · 07-26-2012 , 17:28 Re: [TF2 Stats] With Web Ranking and Item Logger [v9.0.0]

no, I have had replay about 2 months ago, but now is disabled.

Roundcat · 07-28-2012 , 05:34 Re: [TF2 Stats] With Web Ranking and Item Logger [v9.0.0]

Just happened across this plugin. I have just cracked setting up databases and so am scouting around to try and offer members as much LIVE stat based info as possible. Recommendations welcome!

My question is how does this plugin differ from what GameMe offers for example? Is it possible to see a demo page? Sorry if its been asked before.