Swiftemu - injection sql in navigator and other...

Results 1 to 3 of 3
  1. 15-06-14 #1
    VabboWorld
    Elite Member VabboWorld is offline
    Member +Rank
    Oct 2013 Join Date
    FranceLocation
    124Posts

    angry Swiftemu - injection sql in navigator and other...

    Sorry i'm french ^^

    Error in query:
    SELECT * FROM rooms WHERE owner LIKE ''; TRUNCATE cms_chat;' ORDER BY id DESC LIMIT 50
    MySql.Data.MySqlClient.MySqlException (0x80004005): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' ORDER BY id DESC LIMIT 50' at line 1
    at MySql.Data.MySqlClient.MySqlStream.ReadPacket()
    at MySql.Data.MySqlClient.NativeDriver.GetResult(Int32& affectedRow, Int32& insertedId)
    at MySql.Data.MySqlClient.Driver.GetResult(Int32 statementId, Int32& affectedRows, Int32& insertedId)
    at MySql.Data.MySqlClient.Driver.NextResult(Int32 statementId, Boolean force)
    at MySql.Data.MySqlClient.MySqlDataReader.NextResult()
    at MySql.Data.MySqlClient.MySqlDataReader.Close()
    at System.Data.Common.DbDataReader.Dispose(Boolean disposing)
    at System.Data.Common.DbDataReader.Dispose()
    at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior)
    at System.Data.Common.DbDataAdapter.Fill(DataTable[] dataTables, Int32 startRecord, Int32 maxRecords, IDbCommand command, CommandBehavior behavior)
    at System.Data.Common.DbDataAdapter.Fill(DataTable dataTable)
    at Database_Manager.Database.Session_Details.QueryAdapter.getTable()


    help-me please...
    Reply With Quote Reply With Quote
  2. Check out our sponsor
    Swiftemu - injection sql in navigator and other...
  3. 15-06-14 #2
    JackHoll
    Sorcerer Supreme JackHoll is offline
    Member +Rank
    Mar 2013 Join Date
    UKLocation
    469Posts

    Re: Swiftemu - injection sql in navigator and other...

    Found this on another Forum (Credits to Sledmore)

    Open up the emulator source and search for the following:

    PHP Code:
    internal ServerMessage SerializeSearchResults(string SearchQuery
    Replace the whole ServerMessage with the following:

    PHP Code:
    internal ServerMessage SerializeSearchResults(string SearchQuery)
            {
                    DataTable Data = new DataTable();
                    using (IQueryAdapter dbClient ButterflyEnvironment.GetDatabaseManager().getQueryreactor())
                {
                    if (    SearchQuery.Length 0)
                    {
                        if (    SearchQuery.Contains("owner:"))
                        {
                                string[] splitSearch SearchQuery.Split(':');
                                dbClient.setQuery("SELECT rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE owner = [MENTION=190253]query[/MENTION] AND roomtype = 'private' " "ORDER BY active_users DESC LIMIT 50");
                                dbClient.addParameter("query"splitSearch[1]);
                                Data dbClient.getTable();
                        }
                        else
                        {
                                dbClient.setQuery("SELECT rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE owner = [MENTION=190253]query[/MENTION] AND roomtype = 'private' " +
                                            "UNION ALL " "SELECT rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE caption = [MENTION=190253]query[/MENTION] AND roomtype = 'private' " "ORDER BY active_users DESC LIMIT 50");
                                dbClient.addParameter("query"SearchQuery);
                                Data dbClient.getTable();
                        }
                    }
                }
                List<    RoomData> list = new List<RoomData>();
                if (    Data != null)
                {
                    foreach (    DataRow row in Data.Rows)
                    {
                            RoomData item ButterflyEnvironment.GetGame().GetRoomManager().FetchRoomData(Convert.ToUInt32(row["id"]), row);
                        list.    Add(item);
                    }
                }
                    ServerMessage message = new ServerMessage(Outgoing.NavigatorPacket);
                    message.AppendInt32(8);
                    message.AppendString(SearchQuery);
                    message.AppendInt32(list.Count);
                foreach (    RoomData data2 in list)
                {
                        data2.Serialize(messagefalse);
                }
                    message.AppendBoolean(false);
                return     message;
            } 
    Reply With Quote Reply With Quote
  4. 15-06-14 #3
    VabboWorld
    Elite Member VabboWorld is offline
    Member +Rank
    Oct 2013 Join Date
    FranceLocation
    124Posts

    Re: Swiftemu - injection sql in navigator and other...

    It does not work ... I get to empty my tables, it is urgent there ...
    Reply With Quote Reply With Quote


« Previous Thread | Next Thread »

Advertisement