Posted
11 hours ago, Lomkevicius said:

Hello All,

Does anyone have any SQL injection for Interlude?

If you mean SQLi for the game itself, like doing something specific and triggering the exploit, that might be pretty hard to find.

If you mean SQLi for the site of an X private server, like doing something specific on that site and triggering the exploit, that should be easier to find, but it's per case. Since you are practically attacking the site itself and its logic, what you find on one site most probably will not work on another, except if these sites have both been created by the same dev team.

In both cases what you would be looking to find is an input that you can manipulate.

And you would start with something simple like a field taking alphanumeric characters. So if we searched for SQLi on the game itself, then:

The first thing that comes to mind is the username of your character. But this field has input validation, so it doesn't allow special characters.

Then there is the character's title, which I think accepts special characters?

But even if it did, what is very important is how the server executes the query.

Does it take the input blindly and place it in the middle of the query, or does it do some parsing first before executing it?

If you had access to the code, maybe you could spot more easily whether there is a possibility of an SQL injection happening or not, because in the end they might have coded it so that all queries are parsed before execution.

I think it would be cool if there was an SQL injection present in this game, even after all this time (talking about older chronicles).
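
The question raised in the post above (is the title pasted into the middle of the query, or bound as data?) is what a server developer would check in code review. The following is an added example, not code from the thread or from any L2J pack; the table, column names and sample titles are constructed, and SQLite stands in for the server's database.

```python
import sqlite3

# Constructed sample inputs (not from the thread).
APOSTROPHE_TITLE = "Queen's Guard"    # ordinary title that happens to contain a quote
CRAFTED_TITLE = "x', level = 99 --"   # quote followed by SQL syntax


def make_db():
    """In-memory stand-in for a character table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE characters (name TEXT PRIMARY KEY, title TEXT, level INTEGER)"
    )
    db.execute("INSERT INTO characters VALUES ('Alice', '', 1)")
    return db


def set_title_concat(db, name, title):
    # Unsafe: the title becomes part of the SQL text, so a quote inside it
    # ends the string literal and whatever follows is parsed as SQL.
    db.execute(
        "UPDATE characters SET title = '" + title + "' WHERE name = '" + name + "'"
    )


def set_title_param(db, name, title):
    # Safe: placeholders send the title to the database as a value,
    # never as part of the statement text.
    db.execute("UPDATE characters SET title = ? WHERE name = ?", (title, name))


def title_and_level(setter, title):
    """Apply one setter to a fresh database and return Alice's (title, level)."""
    db = make_db()
    try:
        setter(db, "Alice", title)
    except sqlite3.OperationalError as exc:
        # A syntax error on an ordinary apostrophe is the review-time symptom
        # that input is reaching the SQL parser.
        return ("error", str(exc))
    return db.execute(
        "SELECT title, level FROM characters WHERE name = 'Alice'"
    ).fetchone()


if __name__ == "__main__":
    for setter in (set_title_concat, set_title_param):
        for title in (APOSTROPHE_TITLE, CRAFTED_TITLE):
            print(setter.__name__, repr(title), "->", title_and_level(setter, title))
```

With the concatenated query, the title changes a column the player was never meant to control; with placeholders, both titles are stored as plain text and `level` stays at 1.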

 

Posted

Did you try Havij?

1 hour ago, HugoBoss said:

If you mean SQLi for the game itself, like doing something specific and triggering the exploit, that might be pretty hard to find.

If you mean SQLi for the site of an X private server, like doing something specific on that site and triggering the exploit, that should be easier to find, but it's per case. Since you are practically attacking the site itself and its logic, what you find on one site most probably will not work on another, except if these sites have both been created by the same dev team.

In both cases what you would be looking to find is an input that you can manipulate.

And you would start with something simple like a field taking alphanumeric characters. So if we searched for SQLi on the game itself, then:

The first thing that comes to mind is the username of your character. But this field has input validation, so it doesn't allow special characters.

Then there is the character's title, which I think accepts special characters?

But even if it did, what is very important is how the server executes the query.

Does it take the input blindly and place it in the middle of the query, or does it do some parsing first before executing it?

If you had access to the code, maybe you could spot more easily whether there is a possibility of an SQL injection happening or not, because in the end they might have coded it so that all queries are parsed before execution.

I think it would be cool if there was an SQL injection present in this game, even after all this time (talking about older chronicles).


Posted
8 hours ago, Nightw0lf said:

Did you try Havij?

No, I haven't. Have you tried it? Did you get any interesting results for Lineage 2?


Posted (edited)

Thanks for your answer. Just to let you know, I was playing on the server (Interlude) and now that server is closed, because someone messed up the server database and server settings through the NPC.

The admin told me that one guy injected something through the NPC, and even the server chat colors were blinking and a different colour. All NPCs are showing errors, ALT+B is not working, the server is offline and they are trying to roll back everything.

So I just wanted to ask if this is very hard to do, or whether you just need special software and skills.

He was using a fake IP, so he got a ban, but the server is messed up.

The admin is using l2jorion server packs.

Edited by Lomkevicius
Posted
59 minutes ago, Lomkevicius said:

Thanks for your answer. Just to let you know, I was playing on the server (Interlude) and now that server is closed, because someone messed up the server database and server settings through the NPC.

The admin told me that one guy injected something through the NPC, and even the server chat colors were blinking and a different colour. All NPCs are showing errors, ALT+B is not working, the server is offline and they are trying to roll back everything.

So I just wanted to ask if this is very hard to do, or whether you just need special software and skills.

He was using a fake IP, so he got a ban, but the server is messed up.

The admin is using l2jorion server packs.

Or just a pretext to make a wipe :D

Posted

They don't want to do a wipe, they are still trying to fix it; otherwise they would say so straight away and we could play right now. But I just wanted to ask if it is really complicated to damage a server like that?

Posted

L2jorion is trash based on frozen, no bigger core reworks/fixes, just tons of customs added LUL

Do you have any screenshot of the in-game errors? It could be possible to backtrack that exploit.

Posted (edited)

Basically, when I clicked on any NPC in the town there was something like missing HTML, a path and then a number, like 3030.HTML missing.

I don't have any screenshots, but every NPC had an HTML error.

Edited by Lomkevicius
Posted
11 hours ago, Lomkevicius said:

Basically, when I clicked on any NPC in the town there was something like missing HTML, a path and then a number, like 3030.HTML missing.

I don't have any screenshots, but every NPC had an HTML error.

HTML missing could be just that, HTML files missing. If there is a DB thing, then taking regular backups should at least provide them a point in time that they could restore to. Worst case should be 1 day back or even 1 hour back, depending on how often they took backups. If it's a missing files issue / corruption, then a DB backup will not do anything. They would need to have the server files backed up somewhere. Server files don't change that often, except if you make manual changes to the server code.

I understand it's a Java server, so even though I haven't used l2j (yet), I guess you could store all of the code somewhere in the cloud, for example on GitHub. Then this is also your backup for the code.

In any case, I'm sorry this happened to your server and I hope they get this sorted.
