Action overloading
Action Overloading was a bug exploit which was fixed on January 18th, 2006. This exploit allowed multiple actions to take place at the same time, while only charging AP for the first action. Since the "drop" action costs 0 AP, the exploit allowed most actions to be executed for free.
Use
The exploit was employed as follows:
- The first part of the url was the drop command, e.g. http://urbandead.com/map.cgi?drop=p (this would drop a pistol)
- After this, a weapon and target could be specified: http://urbandead.com/map.cgi?drop=p&weapon=?X&target=?Y where ?X = the name of the weapon (maul, pistol, shotgun, etc.) and ?Y = ID of the target (the user number, or Z for the top zombie)
- Alternatively, the exploit would allow free movement via e.g: http://urbandead.com/map.cgi?drop=p&v=XX-YY where XX and YY are the coordinates of the square to move to.)
- Searching could also be done for free, e.g. http://urbandead.com/map.cgi?drop=p&search
Limitations
For reasons unclear to the discoverer of the exploit, some actions, like using items, were not susceptible to the bug. Other actions which were not free include: rising from the dead, entering buildings and speaking.
In addition, the IP hit limit made it impossible to execute more than 160 actions per day, unless the player donated money.
Blesley Mall
Five days before the bug was fixed, HackinOnTheIIGS moved into Blesley mall and, more or less single handedly, killed every survivor there by using the exploit. Ironically, due to the tiny number of zombies involved in the attack, most survivors and zombies assumed that the mall had simply evacuated to avoid the wrath of a zombie mall tour which was ongoing at the time, and many remarked about the impressive coordination required to execute such an evacuation.
Fix
The bug was finally fixed after two players, HackinOnTheIIGS and Sarrge the Pirate, were noticed with extremely large amounts of XP. A bug report was filed, and within a week, Kevan had fixed the bug.
Questions were raised as to whether the two players known to have exploited the bug had their accounts locked. As their XP had not increased, several users assumed that they had. In fact, the accounts were not locked, and did not need to be; after tasting the power of the exploit, it was more or less impossible for either player to go back to normal play.