SQL injection???????

Haxor · 04/08/2011, 17:43

Hello guys
I heared there a way in sql injection
i hear they do it in isro in 2008 and they get like 2000 accounts and share here
and then after some time they fixed it
And i hear it happend in Pservers
I asked my friends and i saw really video of a guy getting punsh of 120 accounts in swsro2
!!
Is that possible
And if any 1 can tech me how

~~vhrut~~ · 04/08/2011, 17:46

teach sql injection its hard but you can do it

Shane¸ · 04/08/2011, 18:44

it's hax/crax related and not sro, however epvp doesn't really support you in those. google.com > sql injection tutorials but you can't do any kind of sql injections if the sql server isn't vulnerable

belgther · 04/08/2011, 19:26

you can't do any SQL injection in SRO, because it is an Client application... You do it in

...

Well just let me explain something : I was there as that happened... We told it to rev6, and they warned joymax. Joymax didn't toke it serious. The problem was : If you write as password a combinations of "?*_!~><^" special chars, which is not defined in the code table, you got an SQL failure... Then you could use that to make an easy SQL injection to

You have written : Select * From * : it gave you all DB
Than you have written

Select "Charname" , "ID","ServerName","PW"
From "Tablename of char, tablename of accounts, table name of servers
Where Tablename of char.AccountID = Tablename of accounts.AccountID
AND TablenameofServers.ServerID = Table Name of Chars.ServerID

then you get ID PW Server of a char in only 10 seconds...

rev6 automized it, putted it in his server and many people got hacked. Many players flamed and Joymaxa Fixed it before Legend 2 came out...

CraYu · 04/08/2011, 19:32

Did they had access only to account db ?

belgther · 04/08/2011, 20:05

Well Rev6 didn't wanted to hack all silkroad. Klevre did it once, to warn them... Joymax didn't toke him serious, so he hacked

....

They had access to everything in DB what had an interface on homepage... Account DB was one of them...

Haxor · 04/08/2011, 20:27

Quote:

Originally Posted by CraYu

Did they had access only to account db ?

My friend has also stole the QQ and email for every1
So he was have full access

Quote:

Originally Posted by belgther

Well Rev6 didn't wanted to hack all silkroad. Klevre did it once, to warn them... Joymax didn't toke him serious, so he hacked ....

They had access to everything in DB what had an interface on homepage... Account DB was one of them...

And that what i wanna want

Keyeight · 04/08/2011, 21:44

will to make somthing like that you must learn SQL at frist ^^

Dropdead* · 04/09/2011, 09:53

Quote:

Originally Posted by saif1999

My friend has also stole the QQ and email for every1
So he was have full access

And that what i wanna want

Uhm isro doesnt use QQ?

lesderid · 04/09/2011, 11:23

Quote:

Originally Posted by Dropdead*

Uhm isro doesnt use QQ?

He never said he was talking about iSRO.