[Mail] Exploit SPAM? #11664

Open
n4ndo opened this Issue Mar 3, 2014 · 8 comments

n4ndo commented Mar 3, 2014

Hello,

Today a report came to me that a user was sending mass spam via Mail to a lot of players, so I started checking and this is what I found.

After running:

SELECT * FROM mail WHERE body LIKE "%SPAM MAIL%";

The result was more than 8K rows, all sent by the same guid id, so I thought, how is this possible? After checking the related account, there are no macros, only one player lvl 2, with no friends added.

Any idea?

Thanks.

Member

Vincent-Michael commented Mar 3, 2014

with Injector?

n4ndo commented Mar 3, 2014

@Vincent-Michael any idea how to solve? How to prevent?

Contributor

MrSmite commented Mar 5, 2014

What about an addon? If you're not using warden then it isn't difficult to write an addon to auto-mail.

Note: I don't know how to use warden so can't help you there.

n4ndo commented Mar 5, 2014

Maybe a check in user send mail for friendship? All the emails were sent to a non-friend.

n4ndo commented Mar 16, 2014

@MrSmite I'm using warden, but the problem still persists. :/

n4ndo changed the title from [Mail] SPAM? to [Mail] Exploit SPAM? May 17, 2014

n4ndo referenced this issue May 17, 2014

Closed

Exploit fixes #11227

Contributor

Trisjdc commented May 17, 2014

There are legitimate addons that spam mails to certain groups (think mail assistance addons). You'll probably have to write something custom, as I very much doubt this was an 'exploit' at retail.

Aokromes added the Comp-Core label Jun 22, 2014

Owner

Aokromes commented Jun 14, 2016

I think this is no longer possible with @jackpoz's mitigation commits.

Member

jackpoz commented Jun 14, 2016

CMSG_SEND_MAIL should be added to https://github.com/TrinityCore/TrinityCore/blob/3.3.5/src/server/game/Server/WorldSession.cpp#L1368 with a low value; anyway, it will still allow any player to send at least 1 mail each second, so 86400 emails a day.

DDuarte added the Sub-Exploit label Jul 1, 2016
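
As an added example, not part of the thread and not TrinityCore code: a per-sender limiter in C++ that works through the point in the last comment, that a one-per-second cap alone still admits 86400 mails a day, and shows what a rolling 24-hour budget on top of it changes. The names `MailThrottle` and `SimulateAccepted` and the budget of 50 are assumptions chosen for illustration.

```cpp
#include <cstdint>
#include <deque>
#include <iostream>

// Hypothetical two-tier limiter for a single sender (illustration only).
class MailThrottle {
public:
    // perDay == 0 disables the 24-hour budget (per-second cap only).
    MailThrottle(uint32_t perSecond, uint32_t perDay)
        : perSecond_(perSecond), perDay_(perDay) {}

    // Returns true if a mail at `now` (seconds, non-decreasing) is accepted.
    bool Allow(uint64_t now) {
        // Forget sends that have left the rolling 24-hour window.
        while (!sent_.empty() && sent_.front() + kDay <= now)
            sent_.pop_front();
        if (perDay_ != 0 && sent_.size() >= perDay_)
            return false;
        // Count sends already accepted in this same second.
        uint32_t thisSecond = 0;
        for (auto it = sent_.rbegin(); it != sent_.rend() && *it == now; ++it)
            ++thisSecond;
        if (thisSecond >= perSecond_)
            return false;
        sent_.push_back(now);
        return true;
    }

private:
    static constexpr uint64_t kDay = 86400;
    uint32_t perSecond_, perDay_;
    std::deque<uint64_t> sent_;
};

// Constructed workload: a client attempting `attempts` mails every second.
uint32_t SimulateAccepted(MailThrottle& t, uint64_t seconds, uint32_t attempts) {
    uint32_t accepted = 0;
    for (uint64_t s = 0; s < seconds; ++s)
        for (uint32_t i = 0; i < attempts; ++i)
            if (t.Allow(s)) ++accepted;
    return accepted;
}

int main() {
    MailThrottle perSecondOnly(1, 0), withBudget(1, 50);
    std::cout << "1/s only, one day:   " << SimulateAccepted(perSecondOnly, 86400, 5) << "\n";
    std::cout << "1/s + 50/day budget: " << SimulateAccepted(withBudget, 86400, 5) << "\n";
    return 0;
}
```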
