Private Server Hacks?

07/15/2012 19:49 DarkArekkusu#1
I've been scouring about lately, and recently discovered a private server called ROTFA.Dragon-Network. Now they, like a lot of private servers, give on-site rewards for voting, which you can then turn around and use for in-game items, coin, gold, etc.

What I'm wondering is whether this is exploitable like the DP system was on PWI. Since most private servers just set up their forums/sites with little to no knowledge of how to keep certain things from happening, I imagine that there's a way to edit a few things in the browser to gain a lot of points, which could then be used for in-game items.

Could someone verify/explain this for me, please? Much appreciated.
07/16/2012 01:05 Sᴡoosh#2
Google XSS and SQL Injection. Then look for any unfiltered GETs and POSTs :)
07/16/2012 02:13 DarkArekkusu#3
Quote:
Originally Posted by Sᴡoosh
Google XSS and SQL Injection. Then look for any unfiltered GETs and POSTs :)
Well, I did a Google search for XSS and SQL as you said. Unfortunately, I was a bit confused by... well, just about everything. From how I understand it, XSS is just the use of Cross Site Scripting, and SQL is what actually tells the server what information it's receiving and sending, correct?

x.x Could you maybe explain it in simpler terms, please? Also, I didn't even get far enough for the GETs and POSTs. But I'm assuming those are what I need to look for in the page script?
07/16/2012 03:09 Sᴡoosh#4
Since I hate Blue dragon and their admin who can do nothing but steal content and DDoS, I'll help ya a bit, hopefully you can find some unsecured parameter :)

XSS is useful for stealing cookies and authenticating as another user with said cookies. Most sites use a session token to keep track of sessions of users.

XSS means that you get the cookies of another user - by making them visit a link which gathers the site's cookies. This is not thaaat useful though, unless you can get NIMDA/Pavel or whatever he calls himself these days to click on a link, or if he has unfiltered tags that allow linking a php or jsp instead of a picture or something.

You should look more into SQLi. SQL is a database language which is broadly used online. To SQLi, you must know basic queries.

For example, take this:

SELECT * FROM Logins WHERE UserID = 1;

This query would return the dataset of the column where user ID is 1 - probably admin.

Now, if we abstract this into (a bad example of) PHP:

$uid = $_GET['UserID']; // Get parameter from the request array
mysql_query("SELECT * FROM Logins WHERE UserID = $uid"); // Query with the user ID taken straight from GET

This is a win situation.

Normally you'd just have ints as parameters, and all is fine. Now, an evil person could pass not a number, but this as "UserID":

0; TRUNCATE Logins;--

Which will result in the following query:
mysql_query("SELECT * FROM Logins WHERE UserID = 0; TRUNCATE Logins;--");

And that is the end of the contents of their Logins table :)

I'll leave the rest to your creativity.

I'll distance myself from any error - I wrote this at 3 am, while on pot :)

Cheers
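A defensive counterpart to the PHP in the post above, added here and not taken from the post or from any server's code: the same concatenation reproduced as a string, placed beside a parameterized query with integer validation (Python with sqlite3; the Logins table and its rows are constructed sample data).

```python
import re
import sqlite3
from typing import Optional, Tuple

# Constructed sample rows standing in for the "Logins" table named in the post.
SAMPLE_ROWS = [(1, "admin"), (2, "player")]
# The injected value shown in the post.
INJECTED_UID = "0; TRUNCATE Logins;--"


def setup_db() -> sqlite3.Connection:
    """In-memory database with the constructed Logins table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Logins (UserID INTEGER PRIMARY KEY, Username TEXT)")
    conn.executemany("INSERT INTO Logins VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def build_query_unsafe(uid: str) -> str:
    """String concatenation, as in the post's PHP: the parameter becomes SQL text.
    Whatever the client sends is parsed by the database as part of the statement."""
    return f"SELECT * FROM Logins WHERE UserID = {uid}"


def lookup_safe(conn: sqlite3.Connection, uid: str) -> Optional[Tuple[int, str]]:
    """Hardened form: check the type first, then bind the value as a parameter.
    Anything that is not a plain non-negative integer is rejected before it reaches SQL."""
    if re.fullmatch(r"[0-9]+", uid) is None:
        raise ValueError("UserID must be a non-negative integer")
    return conn.execute(
        "SELECT UserID, Username FROM Logins WHERE UserID = ?", (int(uid),)
    ).fetchone()


def lookup_bound_only(conn: sqlite3.Connection, uid: str) -> Optional[Tuple[int, str]]:
    """Binding without validation: the string is compared as data, never parsed as SQL,
    so the injected value simply matches no row."""
    return conn.execute(
        "SELECT UserID, Username FROM Logins WHERE UserID = ?", (uid,)
    ).fetchone()


def row_count(conn: sqlite3.Connection) -> int:
    """Row count of Logins, used to confirm the table is untouched."""
    return conn.execute("SELECT COUNT(*) FROM Logins").fetchone()[0]
```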
07/19/2012 07:27 DarkArekkusu#5
Quote:
Originally Posted by Sᴡoosh
Since I hate Blue dragon and their admin who can do nothing but steal content and DDoS, I'll help ya a bit, hopefully you can find some unsecured parameter :)

XSS is useful for stealing cookies and authenticating as another user with said cookies. Most sites use a session token to keep track of sessions of users.

XSS means that you get the cookies of another user - by making them visit a link which gathers the site's cookies. This is not thaaat useful though, unless you can get NIMDA/Pavel or whatever he calls himself these days to click on a link, or if he has unfiltered tags that allow linking a php or jsp instead of a picture or something.

You should look more into SQLi. SQL is a database language which is broadly used online. To SQLi, you must know basic queries.

For example, take this:

SELECT * FROM Logins WHERE UserID = 1;

This query would return the dataset of the column where user ID is 1 - probably admin.

Now, if we abstract this into (a bad example of) PHP:

$uid = $_GET['UserID']; // Get parameter from the request array
mysql_query("SELECT * FROM Logins WHERE UserID = $uid"); // Query with the user ID taken straight from GET

This is a win situation.

Normally you'd just have ints as parameters, and all is fine. Now, an evil person could pass not a number, but this as "UserID":

0; TRUNCATE Logins;--

Which will result in the following query:
mysql_query("SELECT * FROM Logins WHERE UserID = 0; TRUNCATE Logins;--");

And that is the end of the contents of their Logins table :)

I'll leave the rest to your creativity.

I'll distance myself from any error - I wrote this at 3 am, while on pot :)

Cheers
Ah, thank you very much. I'll play around with it a bit and see what I can find. Much appreciated.
07/20/2012 00:37 redsnake#6
Is this possible with HTML too (JavaScript)? I have basic knowledge of SQL but HTML is pretty much like Chinese to me. Would XSS work for that just as well?
07/20/2012 00:47 Sᴡoosh#7
Uhm, you need to find out if it works, I have no clue how smart the guy was who they paid to make their site - they sure as hell didn't make it themselves because of massive levels of faggotry.
07/20/2012 01:02 redsnake#8
But pretty much the same thing as the topic starter, wondering if things can be changed to edit the system that gives free stuff via the website (just like PWI's DQ)

JS is a much harder language than SQL it seems >.<