It's a good answer that you give; I will answer with what I know.
You figured out a good security point: this way (changing the port), you will avoid standard attacks on this point.
But injections are not here.
I personally think it's only in the databases.
Yes, we can avoid this by reducing the number of characters that we can enter (and send) through the login (which interacts with ps_login).
But if the triggers in your databases are not secure, a man who uses a packet injector to bypass the ps_login char limit (I don't know if it's possible) will send an injection.
Here is a simple injection:
' Drop database ***
Where *** is the name of the database.
The ' will truncate the previous request, like select ... from ... where
And will execute "Drop database ..." with the admin privilege because it's executed on the server side.
Maybe the first thing to do is to locate the trigger that checks the login (to permit the connection), and add a huge filter on this, rejecting words and chars like: ', ", %, || .. drop, select, union
I'm not sure, but when I develop databases, I do this stuff to avoid SQL injection.
I don't know if someone agrees with me, but I think it's a point to think about.
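Added example (not part of the post above, and not ps_login or Shaiya code): the account lookup a login performs, once with the name pasted into the SQL text and once with the name sent as a bound parameter. Python's sqlite3 stands in for the server's database, and the table, columns and function names are assumptions.

```python
import sqlite3

# The string quoted in the post, used here only as test input.
POSTED_INPUT = "' Drop database ***"

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("o'neil",)])
    return db

def find_concat(db, name):
    """Vulnerable form: client input becomes part of the SQL text."""
    sql = "SELECT user_id FROM users WHERE name = '%s'" % name
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # The quote in the input ended the string literal early, so the
        # rest of the input reached the SQL parser as statement text.
        return ("sql-error", str(exc))
    return ("ok", row[0]) if row else ("denied", None)

def find_bound(db, name):
    """Hardened form: the statement text is fixed; input is data only."""
    row = db.execute("SELECT user_id FROM users WHERE name = ?",
                     (name,)).fetchone()
    return ("ok", row[0]) if row else ("denied", None)

def row_count(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

def demo():
    db = make_db()
    results = {}
    for name in ("alice", "o'neil", POSTED_INPUT):
        results[name] = (find_concat(db, name)[0], find_bound(db, name))
    results["rows_after"] = row_count(db)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(repr(key), "->", value)
```

With bound parameters the posted string is just a name that matches no account, and a legitimate name containing an apostrophe still logs in, which a character blacklist would have rejected.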
It's no use changing ports or encrypting the game.exe. It is very easy to find out the IP and port of a server: simply log into the game and give a simple command in cmd.
Yes, the command netstat. Anyone can do it, no matter if the game.exe is encrypted or not. We need to find the flaws in ps_login, ps_game and ps_dbagent and correct them. It is the only way. And to me that's difficult. I have so much knowledge. I need your help.