Jump to content
MaxCheaters Official Group on Discord
Top.MaxCheaters.com is now OPEN – Lineage 2 Top Listing

SQL Injection

Lomkevicius
 Share

Recommended Posts

HugoBoss Newbie

HugoBoss

Posted
Posted
11 hours ago, Lomkevicius said:

Hello All,

 

Does anyone has any SQL Injection for interlude ?

 

If you mean sqli for the game itself, like doing something specific and triggering the exploit that might be pretty hard to find.

 

if you mean sqli for the site of a X private server, like doing something specific on that site and triggering the exploit that should be easier to find but it's per case. Since you are practically attacking the site itself and it's logic then what you find on one site most probably will not work on another. Except if these sites have both been created by the same dev team.

 

In both cases what you would be looking to find is an input that you can manipulate. 

And you would start with something simple like a field taking alphanumeric characters. So if we searched for sqli on the game itself then;

The first thing that comes to mind is the username of your character. But this field has input validation so it doesn't allow special characters. 

Then there is the characters title which i thing accepts special characters?

But even if it did, then very important is how the server executes the query.

Does it take the input blindly and placing it in the middle of the query or does it do some parsing first before executing it?

 

If you had access to the code maybe you could spot more easily if there is a possibility of an sql injection happening or not, because in the end they might have coded it that way so all queries are parsed before execution.

 

I think it would be cool if there was an sql injection present in this game, even after all this time (talking about older chronicles).

 

Nightw0lf Mentor

Nightw0lf

Posted
Posted

did you try havij?

1 hour ago, HugoBoss said:

 

If you mean sqli for the game itself, like doing something specific and triggering the exploit that might be pretty hard to find.

 

if you mean sqli for the site of a X private server, like doing something specific on that site and triggering the exploit that should be easier to find but it's per case. Since you are practically attacking the site itself and it's logic then what you find on one site most probably will not work on another. Except if these sites have both been created by the same dev team.

 

In both cases what you would be looking to find is an input that you can manipulate. 

And you would start with something simple like a field taking alphanumeric characters. So if we searched for sqli on the game itself then;

The first thing that comes to mind is the username of your character. But this field has input validation so it doesn't allow special characters. 

Then there is the characters title which i thing accepts special characters?

But even if it did, then very important is how the server executes the query.

Does it take the input blindly and placing it in the middle of the query or does it do some parsing first before executing it?

 

If you had access to the code maybe you could spot more easily if there is a possibility of an sql injection happening or not, because in the end they might have coded it that way so all queries are parsed before execution.

 

I think it would be cool if there was an sql injection present in this game, even after all this time (talking about older chronicles).

 

 

HugoBoss Newbie

HugoBoss

Posted
Posted
8 hours ago, Nightw0lf said:

did you try havij?

 

 

No i haven't. Have you tried it? Did you get any interesting results for lineage2?

 

Lomkevicius Newbie

Lomkevicius

Posted
  • Author
Posted (edited)

Thanks for your answer, just to let you know that I was playing in the server (interlude) and now that server is closed, because someone messed up server database and server settings through the NPC.

 

Admin told me that one guy injected something through the NPC and even server chat colors were blinking and different colour. All NPC showing errors, ALT+B not working, server is offline and they trying to rollback everything

 

So just wanted to ask if this is very hard to do it, or you just need special software and skills

 

He was using fake IP , so he got a ban, but server is messed up

 

Admin using l2jorion server packs

Edited by Lomkevicius
wongerlt Community Regular

wongerlt

Posted
Posted
59 minutes ago, Lomkevicius said:

Thanks for your answer, just to let you know that I was playing in the server (interlude) and now that server is closed, because someone messed up server database and server settings through the NPC.

 

Admin told me that one guy injected something through the NPC and even server chat colors were blinking and different colour. All NPC showing errors, ALT+B not working, server is offline and they trying to rollback everything

 

So just wanted to ask if this is very hard to do it, or you just need special software and skills

 

He was using fake IP , so he got a ban, but server is messed up

 

Admin using l2jorion server packs

Or just pretext to make wipe :D

Lomkevicius Newbie

Lomkevicius

Posted
  • Author
Posted

they don't want to do Wipe, they still trying to fix it , otherwise they would say straight away and we could play right now, but just wanted to ask if this is really complicated to damage server like that ?

AlmostGood Enthusiast

AlmostGood

Posted
Posted

L2jorion is trash based on frozen, no bigger core reworks/fixes just tons of customs added LUL

Do you have any screen from ingame errors? it could be possible to backtrack that exploit

Lomkevicius Newbie

Lomkevicius

Posted
  • Author
Posted (edited)

basically when i clicked on any NPC in the town was something like missing HTML , path and then number like 3030.HTML missing

 

I don't have any screenshots but every npc with HTML error

Edited by Lomkevicius
HugoBoss Newbie

HugoBoss

Posted
Posted
11 hours ago, Lomkevicius said:

basically when i clicked on any NPC in the town was something like missing HTML , path and then number like 3030.HTML missing

 

I don't have any screenshots but every npc with HTML error

 

HTML missing could be just that, html files missing. If there is a db thing, then taking regular backups should at least provide them a point in time that they could restore it. Worse case should be 1 day back or even 1 hour back. Depending on how often they took backups. If it's a files missing issue / corruption, then DB backup will not do anything. They would need to have the server files backed up somewhere. Server files don't change that often except if you do manual changes to the server code. 

I understand it's a java server so even though i haven't used l2j (yet) i guess you could store all of the code somewhere in the cloud like for example, github. Then this is also your backup for the code.

 

In any case, im sorry this happened to your server and i hope they get this sorted.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


  • Posts

    • Banshee Garnet
      L2OFF Services

      By Banshee Garnet · Posted

      New implementations   Autofarm complete system with time limit fully configurable   Tournament 1vs1 ( not instanced ) With queue fully configurable ( possibility to run all day or 2 different hours for example Latin/Europe   Fortress vs Fortress event automated with top killer reward , protections and fully configurable with seperated .ini   And more
    • babyjason
      Volcanic Monsters (notifications )

      By babyjason · Posted

      Anybody has these monsters ripped from the latest chronicle lineagemonsters14.volcanic_archer_m00 lineagemonsters14.volcanic_ice_m00 lineagemonsters14.volcanic_magic_m00 lineagemonsters14.volcanic_warrior_m00 lineagemonsters14.volcanic_boss_m00  
    • babyjason
      Editing Ability Points names and description, How?

      By babyjason · Posted

      thanks guys
    • eMommy
      Editing Ability Points names and description, How?

      By eMommy · Posted

      this is literally like such bad advice? i dont thikn you understand the question..   node_begin name=[Ability] type=5 sub_node_begin paramType=100 unk=0 nodeName=[Type] int_params={1;1;1;1;1;1;1;1;1;1;1;1;1;1;1;1;1;1;1;1;1;2;2;2;2;2;2;2;2;2;2;2;2;2;2;2;2;2;2;2;3;3;3;3;3;3;3;3;3;3;3;3;3;3;3;3;3} sub_node_end sub_node_begin paramType=100 unk=0 nodeName=[SkillID] int_params={19233;19234;19235;19236;19237;19238;19239;19240;19241;19242;19243;19244;19245;19246;19247;19248;19249;19250;19251;19252;19253;19254;19255;19256;19257;19258;19259;19260;19261;19262;19263;19264;19265;19266;19267;19268;19269;19270;19271;19272;19273;19274;19275;19276;19277;19278;19279;19280;19281;19282;19283;19284;19285;19286;19287;19288;19289} sub_node_end sub_node_begin paramType=100 unk=0 nodeName=[SkillLev] int_params={3;3;3;3;2;2;2;2;4;1;4;1;2;2;2;2;2;1;1;2;1;2;4;4;3;2;3;1;3;2;3;1;2;2;1;2;2;2;2;1;2;3;3;3;3;1;3;2;1;2;2;2;2;2;2;2;1} sub_node_end sub_node_begin paramType=100 unk=0 nodeName=[Depth] int_params={1;1;1;1;2;2;2;2;3;3;3;3;4;4;4;4;5;5;5;5;6;1;1;1;2;2;2;2;3;3;3;3;4;4;4;4;5;5;5;6;1;1;1;2;2;2;3;3;3;4;4;4;4;5;5;5;6} sub_node_end sub_node_begin paramType=100 unk=0 nodeName=[Column] int_params={1;2;3;4;1;2;3;4;1;2;3;4;1;2;3;4;1;2;3;4;2;1;2;4;1;2;3;4;1;2;3;4;1;2;3;4;1;2;4;2;1;2;4;1;3;4;1;2;4;1;2;3;4;1;2;4;2} sub_node_end sub_node_begin paramType=100 unk=0 nodeName=[RequireLev] int_params={85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85;85} sub_node_end sub_node_begin paramType=100 unk=0 nodeName=[RequireSkillID] int_params={0;0;0;0;0;0;0;19236;19237;0;19239;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;19257;0;19259;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;19276;0;0;0;0;0;0;0;0;0;0} sub_node_end sub_node_begin paramType=100 unk=0 nodeName=[RequireSkillLev] int_params={0;0;0;0;0;0;0;3;2;0;2;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;3;0;3;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;3;0;0;0;0;0;0;0;0;0;0} sub_node_end sub_node_begin paramType=100 unk=0 nodeName=[RequireCount] int_params={0;0;0;0;5;5;5;5;10;10;10;10;15;15;15;15;20;20;20;20;25;0;0;0;5;5;5;5;10;10;10;10;15;15;15;15;20;20;20;25;0;0;0;5;5;5;10;10;10;15;15;15;15;20;20;20;25} sub_node_end sub_node_begin paramType=115 unk=0 nodeName=[Name] string_params={[Guardian's Shield];[Guardian's Magic Barrier];[Guardian's Body];[Guardian's Elemental Cover];[Guardian's Armor Defense];[Guardian's Leather Defense];[Guardian's Tunic Defense];[Guardian's Resistance];[Guardian's Life];[Guardian's Block];[Guardian's Armor];[Guardian's Guidance];[Guardian's Death Shield];[Guardian's Focus Shield];[Guardian's Mind Control];[Guardian's Blessing];[Guardian's Binding Cover];[Guardian's Spirit];[Guardian's Potential];[Guardian's Expert Potion];[Guardian's Defense Master];[Berserker's Haste];[Berserker's Might];[Berserker's Elemental Attack];[Berserker's Craft Focus];[Berserker's Backfire];[Berserker's Focus];[Berserker's Cost];[Berserker's Craft Death];[Berserker's Mortal];[Berserker's Death Whisper];[Berserker's Eagle];[Berserker's Battle];[Berserker's Fire];[Berserker's Skill Reduction];[Berserker's Blessing];[Berserker's Binding Attack];[Berserker's Divine Attack];[Berserker's Expert Potion];[Berserker's Combat Master];[Magician's Acumen];[Magician's Empower];[Magician's Elemental Shot];[Magician's Wild Magic];[Magician's Condition];[Magician's Eva];[Magician's Mystic];[Magician's Prominence];[Magician's Sight];[Magician's Protection];[Magician's Water];[Magician's Magic Reduction];[Magician's Blessing];[Magician's Binding Shot];[Magician's Divine Shot];[Magician's Expert Potion];[Magician's Spell Master]} sub_node_end sub_node_begin paramType=115 unk=0 nodeName=[Icon] string_params={[icon.skill19120];[icon.skill19121];[icon.skill1045];[icon.skill1352];[icon.skill0231];[icon.skill0233];[icon.skill0234];[icon.skill1354];[icon.skill1229];[icon.skill1304];[icon.skill19165];[icon.skill19127];[icon.skill1542];[icon.skill0986];[icon.skill19132];[icon.skill_exp_sp_up];[icon.skill0335];[icon.skill10044];[icon.skill1532];[icon.skill_potion_up];[icon.skill0528];[icon.skill1086];[icon.skill19139];[icon.skill19130];[icon.skill0193];[icon.skill0030];[icon.skill1077];[icon.skill19140];[icon.skill10655];[icon.skill0330];[icon.skill4278];[icon.skill19127];[icon.skill1388];[icon.skill1356];[icon.skill0758];[icon.skill_exp_sp_up];[icon.skill0983];[icon.skill11011];[icon.skill_potion_up];[icon.skill1499];[icon.skill1085];[icon.skill1059];[icon.skill19130];[icon.skill1303];[icon.skill1501];[icon.skill0214];[icon.skill19160];[icon.skill0330];[icon.skill19127];[icon.skill0046];[icon.skill1355];[icon.skill0945];[icon.skill_exp_sp_up];[icon.skill0983];[icon.skill11011];[icon.skill_potion_up];[icon.skill1500]} sub_node_end sub_node_begin paramType=115 unk=0 nodeName=[IconPanel] string_params={[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_blessed];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.pannel_pupple];[icon.panel_2];[icon.panel_2];[icon.panel_2];[icon.panel_2];[icon.panel_2];[icon.panel_2];[icon.panel_2];[icon.panel_2];[icon.panel_2];[icon.panel_2];[icon.panel_2];[icon.panel_2];[icon.panel_2];[icon.panel_2];[icon.panel_2];[icon.panel_2];[icon.panel_2]} sub_node_end sub_node_begin paramType=109 unk=0 nodeName=[LevelDesc] array_params={{[P. Def. + 2%];[P. Def. + 4%];[P. Def. + 7%]};{[M. Def. + 2%];[M. Def. + 4%];[M. Def. + 7%]};{[Max HP + 3%];[Max HP + 6%];[Max HP + 9%]};{[All Attribute Defense + 15];[All Attribute Defense + 25];[All Attribute Defense + 40]};{[When equipping Heavy Armor <br>P./M. Def. + 3%];[When equipping Heavy Armor <br>P./M. Def. + 6%]};{[When equipping Light Armor <br>P./M. Def. + 3%];[When equipping Light Armor <br>P./M. Def. + 6%]};{[When equipping Robe <br>P./M. Def. + 3%];[When equipping Robe <br>P./M. Def. + 6%]};{[Debuff Resistance + 5%];[Debuff Resistance + 10%]};{[Max HP + 3%];[Max HP + 6%];[Max HP + 10%];[Max HP + 15%]};{[Shield Defense + 100%]};{[P. Def. + 2%];[P. Def. + 4%];[P. Def. + 8%];[P. Def. + 12%]};{[P. Accuracy, M. Accuracy,<br>servitor's P. Accuracy + 12.<br>Enchants Revelation skill]};{[Received P. Critical Damage - 10%];[Received P. Critical Damage - 20%]};{[Chance of receiving P. Critical Damage - 15%];[Chance of receiving P. Critical Damage - 30%]};{[Skill Cooldown - 3%];[Skill Cooldown - 5%]};{[EXP, SP + 5%];[EXP, SP + 10%]};{[Received damage when immobilized - 7%];[Received damage when immobilized - 15%]};{[All Attribute Defense + 50]};{[Skill Critical Rate + 10%]};{[Recovery Potion, Elixir Effect + 500];[Recovery Potion, Elixir Effect + 1000]};{[Received Damage - 10%]};{[Atk. Spd. + 1%];[Atk. Spd. + 3%]};{[P. Atk. + 1%];[P. Atk. + 2%];[P. Atk. + 3%];[P. Atk. + 4%]};{[Attack Attribute + 10];[Attack Attribute + 20];[Attack Attribute + 30];[Attack Attribute + 40]};{[P. Skill Critical Rate + 3%];[P. Skill Critical Rate + 6%];[P. Skill Critical Rate + 10%]};{[Rear Damage + 2%];[Rear Damage + 5%]};{[P. Critical Rate + 10];[P. Critical Rate + 20];[P. Critical Rate + 40]};{[Skill MP Consumption - 5%]};{[P. Skill Critical Damage + 2%];[P. Skill Critical Damage + 4%];[P. Skill Critical Damage + 7%]};{[Skill Mastery Rate + 30%];[Skill Mastery Rate + 60%]};{[P. Critical Damage + 2%];[P. Critical Damage + 4%];[P. Critical Damage + 7%]};{[P. Accuracy, M. Accuracy,<br>servitor's P. Accuracy + 12.<br>Enchants Revelation skill]};{[P. Atk. + 3%];[P. Atk. + 6%]};{[P. Skill Power + 2%];[P. Skill Power + 5%]};{[Skill Cooldown - 3%]};{[EXP, SP + 5%];[EXP, SP + 10%]};{[Damage to immobilized<br>targets + 5%];[Damage to immobilized<br>targets + 10%]};{[Attack Attribute + 25];[Attack Attribute + 50]};{[Recovery Potion, Elixir Effect + 500];[Recovery Potion, Elixir Effect + 1000]};{[Damage + 10%]};{[Casting Spd. + 2%];[Casting Spd. + 4%]};{[M. Atk. + 2%];[M. Atk. + 5%];[M. Atk. + 8%]};{[Attack Attribute + 10];[Attack Attribute + 20];[Attack Attribute + 40]};{[M. Critical Rate + 10];[M. Critical Rate + 20];[M. Critical Rate + 40]};{[Max HP, MP + 3%];[Max HP, MP + 6%];[Max HP, MP + 9%]};{[Skill MP Consumption - 5%]};{[M. Critical Damage + 3%];[M. Critical Damage + 6%];[M. Critical Damage + 10%]};{[Skill Mastery Rate + 30%];[Skill Mastery Rate + 60%]};{[P. Accuracy, M. Accuracy,<br>servitor's P. Accuracy + 12.<br>Enchants Revelation skill]};{[Mental, Stun, Aerial Yoke<br>Success Rate + 5%];[Mental, Stun, Aerial Yoke<br>Success Rate + 10%]};{[M. Skill Power + 2%];[M. Skill Power + 5%]};{[Skill Cooldown - 3%];[Skill Cooldown - 5%]};{[EXP, SP + 5%];[EXP, SP + 10%]};{[Damage to Immobile<br>Opponents + 5%];[Damage to Immobile<br>Opponents + 10%]};{[Attack Attribute + 25];[Attack Attribute + 50]};{[Recovery Potion, Elixir Effect + 500];[Recovery Potion, Elixir Effect + 1000]};{[Damage + 10%]}} sub_node_end node_end @babyjason in regards to your post ><
    • eMommy
      Dalam World - New 4k MMO Game Client!

      By eMommy · Posted

      hate to be a hater but this is typical ai slop kind of post..

  • Topics

×
×
  • Create New...

Important Information

This community uses essential cookies to function properly. Non-essential cookies and third-party services are used only with your consent. Read our Privacy Policy and We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue..