Jump to content
--> Place your ad text here <--
Get Free Banners - Giveaway MaxCheaters.com
We're Rebuilding – Join Our Staff Team

SQL Injection

Lomkevicius
 Share

Recommended Posts

HugoBoss Newbie

HugoBoss

Posted
Posted
11 hours ago, Lomkevicius said:

Hello All,

 

Does anyone has any SQL Injection for interlude ?

 

If you mean sqli for the game itself, like doing something specific and triggering the exploit that might be pretty hard to find.

 

if you mean sqli for the site of a X private server, like doing something specific on that site and triggering the exploit that should be easier to find but it's per case. Since you are practically attacking the site itself and it's logic then what you find on one site most probably will not work on another. Except if these sites have both been created by the same dev team.

 

In both cases what you would be looking to find is an input that you can manipulate. 

And you would start with something simple like a field taking alphanumeric characters. So if we searched for sqli on the game itself then;

The first thing that comes to mind is the username of your character. But this field has input validation so it doesn't allow special characters. 

Then there is the characters title which i thing accepts special characters?

But even if it did, then very important is how the server executes the query.

Does it take the input blindly and placing it in the middle of the query or does it do some parsing first before executing it?

 

If you had access to the code maybe you could spot more easily if there is a possibility of an sql injection happening or not, because in the end they might have coded it that way so all queries are parsed before execution.

 

I think it would be cool if there was an sql injection present in this game, even after all this time (talking about older chronicles).

 

Nightw0lf Mentor

Nightw0lf

Posted
Posted

did you try havij?

1 hour ago, HugoBoss said:

 

If you mean sqli for the game itself, like doing something specific and triggering the exploit that might be pretty hard to find.

 

if you mean sqli for the site of a X private server, like doing something specific on that site and triggering the exploit that should be easier to find but it's per case. Since you are practically attacking the site itself and it's logic then what you find on one site most probably will not work on another. Except if these sites have both been created by the same dev team.

 

In both cases what you would be looking to find is an input that you can manipulate. 

And you would start with something simple like a field taking alphanumeric characters. So if we searched for sqli on the game itself then;

The first thing that comes to mind is the username of your character. But this field has input validation so it doesn't allow special characters. 

Then there is the characters title which i thing accepts special characters?

But even if it did, then very important is how the server executes the query.

Does it take the input blindly and placing it in the middle of the query or does it do some parsing first before executing it?

 

If you had access to the code maybe you could spot more easily if there is a possibility of an sql injection happening or not, because in the end they might have coded it that way so all queries are parsed before execution.

 

I think it would be cool if there was an sql injection present in this game, even after all this time (talking about older chronicles).

 

 

HugoBoss Newbie

HugoBoss

Posted
Posted
8 hours ago, Nightw0lf said:

did you try havij?

 

 

No i haven't. Have you tried it? Did you get any interesting results for lineage2?

 

Lomkevicius Newbie

Lomkevicius

Posted
  • Author
Posted (edited)

Thanks for your answer, just to let you know that I was playing in the server (interlude) and now that server is closed, because someone messed up server database and server settings through the NPC.

 

Admin told me that one guy injected something through the NPC and even server chat colors were blinking and different colour. All NPC showing errors, ALT+B not working, server is offline and they trying to rollback everything

 

So just wanted to ask if this is very hard to do it, or you just need special software and skills

 

He was using fake IP , so he got a ban, but server is messed up

 

Admin using l2jorion server packs

Edited by Lomkevicius
wongerlt Collaborator

wongerlt

Posted
Posted
59 minutes ago, Lomkevicius said:

Thanks for your answer, just to let you know that I was playing in the server (interlude) and now that server is closed, because someone messed up server database and server settings through the NPC.

 

Admin told me that one guy injected something through the NPC and even server chat colors were blinking and different colour. All NPC showing errors, ALT+B not working, server is offline and they trying to rollback everything

 

So just wanted to ask if this is very hard to do it, or you just need special software and skills

 

He was using fake IP , so he got a ban, but server is messed up

 

Admin using l2jorion server packs

Or just pretext to make wipe :D

Lomkevicius Newbie

Lomkevicius

Posted
  • Author
Posted

they don't want to do Wipe, they still trying to fix it , otherwise they would say straight away and we could play right now, but just wanted to ask if this is really complicated to damage server like that ?

AlmostGood Enthusiast

AlmostGood

Posted
Posted

L2jorion is trash based on frozen, no bigger core reworks/fixes just tons of customs added LUL

Do you have any screen from ingame errors? it could be possible to backtrack that exploit

Lomkevicius Newbie

Lomkevicius

Posted
  • Author
Posted (edited)

basically when i clicked on any NPC in the town was something like missing HTML , path and then number like 3030.HTML missing

 

I don't have any screenshots but every npc with HTML error

Edited by Lomkevicius
HugoBoss Newbie

HugoBoss

Posted
Posted
11 hours ago, Lomkevicius said:

basically when i clicked on any NPC in the town was something like missing HTML , path and then number like 3030.HTML missing

 

I don't have any screenshots but every npc with HTML error

 

HTML missing could be just that, html files missing. If there is a db thing, then taking regular backups should at least provide them a point in time that they could restore it. Worse case should be 1 day back or even 1 hour back. Depending on how often they took backups. If it's a files missing issue / corruption, then DB backup will not do anything. They would need to have the server files backed up somewhere. Server files don't change that often except if you do manual changes to the server code. 

I understand it's a java server so even though i haven't used l2j (yet) i guess you could store all of the code somewhere in the cloud like for example, github. Then this is also your backup for the code.

 

In any case, im sorry this happened to your server and i hope they get this sorted.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing


  • Posts

    • Nightw0lf
      [Active Anticheat] When Promises Fall Short

      By Nightw0lf · Posted

      its not imagination we skip that on this topic my offer still stands i am accepting a house Mr. @ERROR501 for more information please contact me
    • FlatroON
      Sell Interlude ready server files, latest source + autofarm

      By FlatroON · Posted

      Sell ready interlude server files, with all popular features and tested, stable source + fully functional premium geodata for free.   Features include: Events: DM CTF TVT LM Dressme system Custom Buffer GM Shop Custom community board Donation manager  Auto Farm   Album: sell c6 — ImgBB   Test Server online: Patch link: https://drive.google.com/file/d/1mvEbv9XESsvfWwc638xFyyzyESeE2U95/view?usp=drive_link Auto acc create and auto admin   Price: 300$. Discord: l2retro
    • rufi
      InertiaX AutoFarm

      By rufi · Posted

      Faltan demasiados archivos,  y lógicas en clases claves como L2pcInstance, entre otras. si bien muchas cosas están y el flujo es valorable.  Gracias por tu esfuerzo es bastante... pero realmente no esta completo el código, falta que subas todas las modificaciones en clases colaterales... podrías intentar subir un diff de todo el mod  completo de tu pack y bueno ahí si que cada uno adapte... pero faltan muchas cosas, dudo que haya gente que lo haya echo funcionar con esto... 
    • Celestine
      [Active Anticheat] When Promises Fall Short

      By Celestine · Posted

      I know people who have fully bypassed and reversed AAC. One day, they might even release the full source code, but for now, they’re still making money off it. I won’t name anyone, but it’s clear that there aren’t any truly solid anticheats for Lineage2. As I’ve said before, kernel level anticheats are the only real solution. Anything that runs as Internal and injects gets flagged, and your account ends up getting kicked or banned. That’s just how most games handle it nowadays. To TL;DR the whole thing cheating will always exist because there are people out there smart enough to bypass any protection and run private cheats. Public cheats are always detected eventually, so I don’t see any point in buying AAC, especially when they claim it blocks adr, which simply isn’t true.
    • nicu30
      [L2J] L2 Adonis

      By nicu30 · Posted

      🌐 Website: https://l2adonis.com 📅 GRAND OPENING: July 18, 2025 – 20:00 (UTC+2) 💬 Discord: https://discord.com/invite/tZBj8JxAwx 🚫 No auto-farm • No auto-macro • No pay-to-win • No custom   Some Basic Info's (More detalied info's on website)  EXP/SP: x25  Adena: x15  Drop: x15  Spoil: x15  Seal Stones: x15  Raid Boss Drop: x10  Epic Boss Drop: x1  Manor: x10  Safe Enchant: +4  Max Enchant: +16  Normal Scroll Chance: 50%  Blessed Scroll Chance: 66% (If enchant fail item remain +4)  Buff Slots (30+4 extra with Divine Inspiration)  Dances/Songs Slots 14  Auto-learn skills  ⚔️ Real PvP • Real Progression • Retail-like experience JOIN NOW and relive the real L2 experience!

  • Topics

×
×
  • Create New...

AdBlock Extension Detected!

Our website is made possible by displaying online advertisements to our members.

Please disable AdBlock browser extension first, to be able to use our community.

I've Disabled AdBlock