FFXIV Database Exploit

Apparently by simply sifting through the Lua scripting that FF14 uses, people were able to figure out a JSON query that would retrieve your character’s information from the character database.  Further, any commands you send to the database are simply… not checked at all, and the database just takes the input commands and MODIFIES YOUR DATA DIRECTLY.

That means it was/is possible to simply tell the server “make me level 50 and give me six billion gil” and the server will…happily do it.

you can simply send a javascript request to SE’s servers and give yourself billions upon billions of gold.

 You can literally convert any item.  I found a video of someone buying 99 potions from the store, then converting them to 99 Allagan gold pieces and selling them right back.

This has been known about and going on for over a month, since beta phase 4.  People that figured this out obviously exploited the hell out of it to give themselves whatever items and gil they wanted.  They turned around a made bank selling to RMT sites and actual players as well.  Now, most if not all of these players were banned in the recent crackdown, but the damage has been done.  Who knows how much of the economy is basically duped items or gil at this point and since this is still going on, how much worse it’ll get before SE decides to do something.

What can actually be done at this point other than a rollback, which would no doubt piss everyone off?  Personally, I’d take that over playing in a world where i don’t know what’s what anymore.  Either way, SE is in crisis mode.  SE has managed to make the Salvage dupe bans of ’09 seem tame in comparison.