Posted
11 hours ago, Lomkevicius said:

Hello All,

 

Does anyone have any SQL injection for Interlude?

 

If you mean SQLi for the game itself, like doing something specific and triggering the exploit, that might be pretty hard to find.

If you mean SQLi for the site of an X private server, like doing something specific on that site and triggering the exploit, that should be easier to find, but it's per case. Since you are practically attacking the site itself and its logic, what you find on one site most probably will not work on another, except if these sites have both been created by the same dev team.

 

In both cases what you would be looking to find is an input that you can manipulate. 

And you would start with something simple, like a field taking alphanumeric characters. So if we searched for SQLi on the game itself, then:

The first thing that comes to mind is the username of your character. But this field has input validation, so it doesn't allow special characters.

Then there is the character's title, which I think accepts special characters?

But even if it did, what is very important is how the server executes the query.

Does it take the input blindly and place it in the middle of the query, or does it do some parsing first before executing it?

 

If you had access to the code, maybe you could spot more easily whether there is a possibility of an SQL injection happening or not, because in the end they might have coded it so that all queries are parsed before execution.

I think it would be cool if there was an SQL injection present in this game, even after all this time (talking about older chronicles).
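
The question raised in the post above, whether the server splices input into the query text or binds it as a parameter, shown as an added example (not from the thread or from any L2J code base). The `characters` table, its columns and the sample titles are constructed for illustration, and Python's `sqlite3` stands in for the server's database layer; in JDBC the bound form corresponds to `PreparedStatement`.

```python
import sqlite3

def make_db():
    """In-memory stand-in for a character table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE characters "
               "(char_id INTEGER PRIMARY KEY, name TEXT, title TEXT)")
    db.executemany("INSERT INTO characters VALUES (?, ?, ?)",
                   [(1, "Alice", ""), (2, "Bob", "")])
    return db

def set_title_concat(db, char_id, title):
    # Defective: the title becomes part of the SQL text, so a quote
    # character in it is parsed as SQL syntax.
    db.execute("UPDATE characters SET title = '" + title +
               "' WHERE char_id = " + str(char_id))

def set_title_bound(db, char_id, title):
    # Corrected: the statement text is fixed; the title travels as data.
    db.execute("UPDATE characters SET title = ? WHERE char_id = ?",
               (title, char_id))

def titles(db):
    """Return {char_id: title} for every row."""
    return dict(db.execute(
        "SELECT char_id, title FROM characters ORDER BY char_id"))

def compare(title):
    """Apply one title to character 1 through both code paths."""
    outcome = {}
    for label, setter in (("concat", set_title_concat),
                          ("bound", set_title_bound)):
        db = make_db()
        try:
            setter(db, 1, title)
            outcome[label] = titles(db)
        except sqlite3.Error as exc:
            outcome[label] = "error: " + type(exc).__name__
    return outcome

# Constructed sample titles: an ordinary apostrophe, and a quote
# followed by a SQL comment marker.
SAMPLES = ["Dragon's Bane", "Hero' --"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), compare(sample))
```

In the concatenated path the first sample fails to parse and the second loses its `WHERE` clause and retitles every row, while the bound path stores both strings literally on character 1 only.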

 

Posted

Did you try Havij?

1 hour ago, HugoBoss said:

 

If you mean SQLi for the game itself, like doing something specific and triggering the exploit, that might be pretty hard to find.

If you mean SQLi for the site of an X private server, like doing something specific on that site and triggering the exploit, that should be easier to find, but it's per case. Since you are practically attacking the site itself and its logic, what you find on one site most probably will not work on another, except if these sites have both been created by the same dev team.

 

In both cases what you would be looking to find is an input that you can manipulate. 

And you would start with something simple, like a field taking alphanumeric characters. So if we searched for SQLi on the game itself, then:

The first thing that comes to mind is the username of your character. But this field has input validation, so it doesn't allow special characters.

Then there is the character's title, which I think accepts special characters?

But even if it did, what is very important is how the server executes the query.

Does it take the input blindly and place it in the middle of the query, or does it do some parsing first before executing it?

 

If you had access to the code, maybe you could spot more easily whether there is a possibility of an SQL injection happening or not, because in the end they might have coded it so that all queries are parsed before execution.

I think it would be cool if there was an SQL injection present in this game, even after all this time (talking about older chronicles).

 

 

Posted
8 hours ago, Nightw0lf said:

Did you try Havij?

 

 

No, I haven't. Have you tried it? Did you get any interesting results for Lineage 2?

 

Posted (edited)

Thanks for your answer. Just to let you know, I was playing on the server (Interlude) and now that server is closed, because someone messed up the server database and server settings through the NPC.

Admin told me that one guy injected something through the NPC, and even the server chat colors were blinking and a different colour. All NPCs are showing errors, ALT+B is not working, the server is offline and they are trying to roll back everything.

So I just wanted to ask if this is very hard to do, or if you just need special software and skills.

He was using a fake IP, so he got a ban, but the server is messed up.

The admin is using l2jorion server packs.

Edited by Lomkevicius
Posted
59 minutes ago, Lomkevicius said:

Thanks for your answer. Just to let you know, I was playing on the server (Interlude) and now that server is closed, because someone messed up the server database and server settings through the NPC.

Admin told me that one guy injected something through the NPC, and even the server chat colors were blinking and a different colour. All NPCs are showing errors, ALT+B is not working, the server is offline and they are trying to roll back everything.

So I just wanted to ask if this is very hard to do, or if you just need special software and skills.

He was using a fake IP, so he got a ban, but the server is messed up.

The admin is using l2jorion server packs.

Or just a pretext to do a wipe :D

Posted

They don't want to do a wipe, they are still trying to fix it; otherwise they would say so straight away and we could play right now. But I just wanted to ask if it is really complicated to damage a server like that?

Posted

L2jorion is trash based on frozen, no bigger core reworks/fixes, just tons of customs added LUL

Do you have any screenshots of the in-game errors? It could be possible to backtrack that exploit.

Posted (edited)

Basically, when I clicked on any NPC in the town there was something like missing HTML, a path and then a number, like 3030.HTML missing.

I don't have any screenshots, but every NPC had an HTML error.

Edited by Lomkevicius
Posted
11 hours ago, Lomkevicius said:

Basically, when I clicked on any NPC in the town there was something like missing HTML, a path and then a number, like 3030.HTML missing.

I don't have any screenshots, but every NPC had an HTML error.

 

HTML missing could be just that: HTML files missing. If it is a DB thing, then taking regular backups should at least provide them a point in time that they could restore to. Worst case should be 1 day back or even 1 hour back, depending on how often they took backups. If it's a missing-files issue / corruption, then a DB backup will not do anything. They would need to have the server files backed up somewhere. Server files don't change that often, except if you do manual changes to the server code.

I understand it's a Java server, so even though I haven't used l2j (yet), I guess you could store all of the code somewhere in the cloud, for example on GitHub. Then this is also your backup for the code.

In any case, I'm sorry this happened to your server and I hope they get this sorted.
