Devs have to sort player with more than 6 stars and with stats with more for 200 lvl and delete it immediatly, cuz game now unplayble at all and all tests goes to empty.
Being honest and hardworking in a CBT. Kek.
1 Like
did they patched it already ??
Noticed that before I went to sleep yesterday, didnt know if it was a problem in my conection or if the exploit didnt work already xD
The damage has already been done, they’ve just prevented more people from doing it. did you read what you just quoted ?
I hope so.
This security problem about script & exploit has been addressed by some people (including myself) on an old thread.
Everyone (with ‘little’ effort) could freely access some scripts of the game.
It helps the exploiters to study the game structure & behavior.
Unless you know exactly where you found that exploit,
you can’t confirm that it really has been fixed.
Only the first bug finder/exploiter and few others who know it.
The bug might still be lingering on somewhere else.
Maybe they just change the parameter, the function, or the hotkey.xml parser.
Who knows?
exactly. but if something like this happens in the OB i just stop playing, like much more ppl is going to do.
the staff communication is so poor actually, there are hundreds of bug reports in the forum, the staff just reply it with a ctl+V and move on, i don’t think they even send the bugs to the devs, never saw one minor bug fixed…
It’s still possible to start Class Advancement quests under certain conditions (using the same vulnerability but with a different command).
Might be related to https://forum.treeofsavior.com/t/someone-with-rank-8/122237
1 Like
While the ability to accept quest is, thankfully, fixed will the ability to also open up the repair shop, merchant shop, and warp from anywhere also be fixed too? Never having to leave a grinding spot and not having to find a goddess status to warp to is also unfair to legit players. Not anywhere near as bad as level 200 in 1 hour, but still an advantage.
I hope you just fixed the quest one because of how severe it was. Please don’t let the other ones stay in there. We still have too many privileges/powers on the client side.
Confirming that Free Class Advancement Exploit is not fixed.
3 Likes
And the chaos continues.Craziest CBT I’ve ever been a part of by far.
2 Likes
the quest is already completed or is it the first step?
dude, this game is SO not ready to an open beta, i’m really surprised this is a serious project, it’s someone’s job to do that
Not yet, please do something about this. 
The start of alchemist advancement quest (lvl 185, “Complete the Mission of an Alchemist [Alchemist Advancement]”). And it was accepted by lvl 1 character.
The art of quoting oneself:
[quote=“nizidr, post:229, topic:123654”]
For class quests you dont have to be near NPC to accept them nor checking if you have already completed one would help.[/quote]
“Those are not crutches in the code, those are highly specialized technical solutions” - IMC, 2015
1 Like
Since no one is posting it so IMC can address the problem, this is the code used:
<HotKey ID="FreeClass" Name="FreeClass" DownScp="control.CustomCommand("CLICK_CHANGEJOB_BUTTON", 9999)" UpScp="None" Key="C" UseShift="NO" UseAlt="NO" UseCtrl="NO" OnEdit="NO" />
Same kind of exploit, sending a command to the server and the server doesn’t give two hoots about if you should or shouldn’t be able to perform said action.
Unfortunately this problem isn’t just restricted to these exploits. While not as serious, the same set of actions can be used to trigger teleports, talking to NPCs, repairs, market, even accessing actions from other jobs (like job specific crafting and vending), and other actions similar.
Hopefully IMC takes a good long look at these issues and puts in better fixes in place. Restricting access to client commands isn’t the answer though, while it does lower the bar for players abusing these bugs, it wouldn’t prevent them from being abused and likely would make it considerably harder to identify and solve.
5 Likes
Let the madness continue!
1 Like
At most they will have to completely rewrite client and server by Dec 19, 2015.