[Plus Emulator] Exploit that nobody can fix...

[Resubmitted]

I'm using the original PlusEMU build and I'm having an issue where people are able to access accounts without entering a password.
This is not the issue with the null check in SSOTicket.cs, as we already patched that.
I've also tried the method mentioned elsewhere of creating a separate table for tickets and deleting them upon login, however the people doing this are still able to.
Is there any other known exploit of this kind that is allowing them to do this?

Literally I've tried all day and night to fix this, but I can't find a solution at all and will be surprised if a solution is even found. Please can anyone tell me if they know how to fix this?

Thanks.
 
@Sledmore

 

[Resubmitted]

Also our CMS does not use that function
 
1000% It's not SSO. I'm willing to pay money for ANYONE that can fix this...

 

[CosmoPeak]

Also our CMS does not use that function
 
1000% It's not SSO. I'm willing to pay money for ANYONE that can fix this...

Have you made any edits to your emulator/have you tried using the latest releases?

 

[Resubmitted]

Have you made any edits to your emulator/have you tried using the latest releases?

Not any major ones.

 

[CosmoPeak]

Not any major ones.

As per my previous message, I'd be more than happy to take a look at the emu, probably something in there, just lmk

 

[Resubmitted]

As per my previous message, I'd be more than happy to take a look at the emu, probably something in there, just lmk

Sorry we cant give direct access to the emulator

 

[CosmoPeak]

Sorry we cant give direct access to the emulator

Oh, well best of luck!

 

[Resubmitted]

Oh, well best of luck!

Thanks.

 

[Wickd]

It's the CMS thing take it from there.What's the link to your retro?

 

[Resubmitted]

It's the CMS thing take it from there.What's the link to your retro?

CMS thing?

 

[Wickd]

CMS thing?

Link to your retro?

 

[Resubmitted]

Link to your retro?

Website is down.

 

[Resubmitted]

I already spoke to the Owner about this.
He has patched the SSO exploit and changed CMS', it's neither of those. I believe it is probably code that a previous developer who originally added RP stuff to the emulator is aware of and knows how to exploit as it is not the CMS or base PlusEmu - but if anyone else has any ideas do share.

Basically what Haidyn said.

 

[Wickd]

Just let @JMG on your VPS.

 

[Joe]

Without any code how can anybody possibly know, it's quite hard when you're basically not allowing anybody to access the server or see the code itself to search for exploits a previous developer could of added. What you're asking for is basically your thread title, nobody can fix it unless you allow them to.

 

[Wickd]

Without any code how can anybody possibly know, it's quite hard when you're basically not allowing anybody to access the server or see the code itself to search for exploits a previous developer could of added. What you're asking for is basically your thread title, nobody can fix it unless you allow them to.

Like finding a needle in a haystack.

 

[MasterJiq]

Give me the code where it's used to submit user's login (session)