Monday, November 12

If you're reading this while I'm in combat...

There was an exploit a while back: The server didn't verify quest sharing requests made by clients (i.e. "Is this quest actually sharable?" "Does the client actually have the quest?"). So some people ( readers of this blog I guess ;-) ) used code injection to make the client generate quest sharing requests.

This also made it possible to generate infinite quantities of items that are a quest reward. It's one reason for the cheap "duped" mount flood that happend a while ago (quotation marks because technically it's not a dupe, but created from zero).

It also allowed you to share any and all quests by just going through QuestIDs randomly or sequentially, quests for other classes (e.g. flight form quest as a warrior), quests from expansions the account didn't even have, quests that were only used in development or used for bugtestig, etc.

The exploit is fixed nowadays, but the quests that weren't turned in stayed in the questlogs. If they are marked as legitimately sharable, they can still be shared and so they spread like a meme. Due to cross-realm dungeons and zones even across servers.

Someone in OP's group shared one of these unattainable quests with him. It seems like it's one that was made for testing during development.

in b4 someone slams me for talking about this: a) Security through obscurity is not security at all, b) Name and shame.

0 kommentarer:

Post a Comment

Master of World of Warcraft © 2006 | Powered by Star Wars Gaming
This site and the products and services offered on this site are not associated, affiliated, endorsed, or sponsored by Activision | Blizzard, nor have they been reviewed, tested or certified by Activision | Blizzard.