The grammar and spelling errors in this thread are killing me. Good luck anyways..
website location : C:\_WebApp\WebDevelopment\Joymax\Joymax\files\
This exploit was discovered by me and it has spread around lol, and it's useless: you can't do anything other than get the connection string and some other things like website files. There is another one in the pmang kr sro, but you can't SQLi it because they use double-layer protection, but you can bypass it by some sort of handmade Python encryption. In the end, good luck, and about the SQL connection string, there is nothing easier than it.
And here are the official SRO IPs that have the servers, ISRO only.
Last edited by MeGaMaX; 21-08-14 at 11:15 PM.
No clue what we should talk about.
And AlephZero, could you post it for the people here on the forum, saves me time to create a small app that parses it and downloads it.
Last edited by Jangan; 22-08-14 at 12:22 AM.
okay here is the website
- Attachment removed by Jangan , read below :)
http://forum.ragezone.com/f475/joyma...0/#post8190010
Last edited by Jangan; 22-08-14 at 12:23 AM. Reason: Attachment Deleted by: Jangan
Last edited by Jangan; 22-08-14 at 12:24 AM.
Closed#
Last edited by RenePunik; 23-08-14 at 01:30 PM.
Good, someone released the joymax.co.kr vulnerability... You don't have to bruteforce anything to get the website.. take the main files, they are including everything else.. ( http://prntscr.com/4f9pt6 ) Anyway.. I highly doubt someone will get any further with that. There's an SQLi vulnerability.. in the pmang website, as MeGaMaX explained somewhere above in the posts. But it is kinda.. character limited, if I have to explain it with simple words..
The thing you could do is this...
Everything above 11 characters will be shown as an error, and till the 11th char from the string you entered. If someone needs the info ready, I am willing to share it.. you can add me on Skype, it's the same as my RageZone nick :) Have fun and good luck with that.. :D
C'mon, first of all, RenePunk. You don't have any clue how to do even a basic injection (as you mentioned, you'd like to hack them with SQL). Never mind about it. If this download script went public, let me explain something. The _Division database is on the server, SQLVersion => 2008 R2. You could jump directories, but you won't be able to download .MDF files or .LDF files with that. (Me & proxy downloaded mstsc.exe from their Windows to check which file extensions it does download.) If somebody would pass MIME extensions and the 11 chars limit. So good luck. (Maybe eggplants from yahoo wouldn't watch this thread xd)
- /community/discussionBoard/discussionBoard_list.asp
- /community/discussionboard/discussionboard_view.asp
- /community/freeboard/freeboard_list.asp
- /community/freeboard/freeboard_view.asp
- /community/gmsquare/gm_episode_list.asp
- /community/gmsquare/gm_episode_view.asp
- /community/ideaboard/ideaboard_list.asp
- /community/ideaboard/ideaboard_view.asp
- /community/qnaboard/qnaboard_list.asp
- /community/screenboard/screenboard_list.asp
- /community/screenboard/screenboard_view.asp
- /news/event_list.asp
- /news/news_list.asp
- /support/support_faq_pmang.asp