I dont know SQL very well. i just have some basic knowledge in Java.
I'm also not so familiar with silkroad files, but is it possible to make a GM account like this?
Code:
a'; UPDATE SRO_VT_ACCOUNT.dbo.TB_User SET sec_primary = 1 WHERE StrUserID = 'YourAccountID';--
a'; UPDATE SRO_VT_ACCOUNT.dbo.TB_User SET sec_content = 1 WHERE StrUserID = 'YourAccountID';--
I know there is not realy a use for it, when you have access to the DB, but it could happen that you lose Fortress
Ja, sollte funktionieren wenn die Database nicht umbenannt wurde, und selbst wenn kann du dir die Database genannt beim Namen zusenden lassen (indem du das Message System von Silkroad benutzt)
Desweiteren ist es möglich sollte xp_cmdshell aktiviert sein ganze CMD Befehle auszuführen (z.b. das Password des Admins ändern oder dir sogar einen neuen Benutzer erstellen) - das geht aber nur wenn der SQL Service mit local administrator rechten ausgestattet ist
Und da die benutzer welche die Silkroad Databases managen meist der sa user ist kannst du im zweifel xp_cmdshell selbst aktivieren ()
mit der CMD ist es dir dann möglich die Powershell zu starten welche im vergleich zur CMD viel mächtiger ist und solltest du die Powershell beherschen und Administrator rechte haben dann ist ganz vorbei.
Die SQL Injection ist weitaus kritischer als viele denken.
what da hell did i just see?????????? i didn't investigate that exploit until now
oh-no seriously vsro are a piece **** yada-yada-yada
yet still be able to restrict it through blocking tables name @ ServerSide (only) inside AbuseFilter.txt at least who will try to execute it will get crash
honestly didn't execute that horrible exploit yet so i can't confirm that the fix i just mentioned is either work or not (if it could be called a fix after all xD)
what da hell did i just see?????????? i didn't investigate that exploit until now
oh-no seriously vsro are a piece **** yada-yada-yada
yet still be able to restrict it through blocking tables name @ ServerSide (only) inside AbuseFilter.txt at least who will try to execute it will get crash
honestly didn't execute that horrible exploit yet so i can't confirm that the fix i just mentioned is either work or not (if it could be called a fix after all xD)
That's the only injection there is. Stop over exaggerating please.
That's the only injection there is. Stop over exaggerating please.
you mean there's a lot of sql injections out there?
well i don't know, been a long time from vsro (sticked with BR and Tsro somehow)
okay can you post the common injections??
you mean there's a lot of sql injections out there?
well i don't know, been a long time from vsro (sticked with BR and Tsro somehow)
okay can you post the common injections??
There isn't any other injections in-game. All other strings are being checked before a procedure call is executed. This is the only one.
[Information] Was bedeuten die Zahlen oben?, Was bekomme ich? [Information] 12/16/2010 - WarRock - 3 Replies Hi com,
wie bestimmt schon ihr alle bemerkt habt, gab es ein Update und somit ein neues Event (Habe ich aber auch gestern gegen 02:00 Uhr gepostet.
Also ich möchte hier mal Klarstellen, was es mit dem Event aufsich hat.
-Was bedeuten diese Zahlen oben Links?
Also, Links steht am Anfang 300, das heißt ihr müsst 300 Kills mit Schneebällen erreichen und bekommt Anschließend einen Preis! Nach 300 kommen 500, dannach 700 und Anschließend 900, vielleicht mehr, was ich leider nicht weiss.
C# Get ingame information 01/09/2009 - Silkroad Online - 2 Replies Hi all,
I know more or less how I can get ingame information with CE, but I would like to know how can I get the CE information in C# or visual basic because I want to make an application with it but I don't know how use CE's information. I can't find anything..
Thanks a lot in advance. :)
uoah
Ingame injection 03/27/2008 - Dekaron - 7 Replies Hey guys..
I just want to know if there is one way to inject hacks into game by hitting F12 or any else.
Like the Hacks for Counter-Strike..U start them, start the game and when u are ingame u hit F12 and a Menu pops up where u can change some values like Autoshoot, Aimbot, Speedhack and so on..
Now my question:
Is there any way to get Hacks injected, when u are already ingame?
Greez
spam
![[INFORMATION] SQL Injection (ingame)](https://www.elitepvpers.com/forum/iconimages/sro-private-server/information-sql-injection-ingame_ltr.gif){kind=small}
)
