Hacking SQL with Server IP Only?

  1. #1
    Apprentice RoozeV
    Rank: Member
    Join Date: Apr 2021
    Posts: 7

    Hacking SQL with Server IP Only?

    Yes, even without knowing the password or login, the guy managed to send and edit items.

    I don't have a website and the SQL port is filtered for local access only.

    How is this possible?



  2. #2
    PwrGames PwrDex
    Rank: Member
    Join Date: Jul 2011
    Location: /var/log/cabal
    Posts: 783

    Re: Hacking SQL with Server IP Only?

    Quote: Originally posted by RoozeV
    Yes, even without knowing the password or login, the guy managed to send and edit items.

    I don't have a website and the SQL port is filtered for local access only.

    How is this possible?

    What you're saying is impossible. Did you check the sent mail table and cash item history?

  3. #3
    Apprentice RoozeV
    Rank: Member
    Join Date: Apr 2021
    Posts: 7

    Re: Hacking SQL with Server IP Only?

    Quote: Originally posted by PwrDex
    What you're saying is impossible. Did you check the sent mail table and cash item history?

    Yes, I checked the history, and that's not it. He showed me that he can create characters too (within accounts I created), so I assume he can execute SQL commands.

    I spoke to him on Discord and he told me he can do this if port 38180 or 38181 (I can't remember for sure which one) is open. I closed those ports on the firewall and asked him to try again, and apparently he couldn't. But I don't know if I can trust him.

    There's no way it was brute force, because my login and password are about 10 characters long, including special symbols, and my SQL port is not the default. Also, I changed the password and he got it quickly.

    He also showed me that he can crash channels, but I used that thread and blocked some packets like "e2b70e0000000000.." and apparently fixed it.
    Last edited by RoozeV; 13-06-22 at 08:56 PM.

  4. #4
    Lurker AzureSensei
    Rank: Moderator
    Join Date: Aug 2013
    Location: RageZone
    Posts: 310

    Re: Hacking SQL with Server IP Only?

    Why would you keep GlobalDBAgent port open?????

    There is a reason why only these ports are supposed to be open:
    - 80 - HTTP
    - 443 - HTTPS
    - 1433 - Database
    - 38101 - LoginSvr
    - 38121 - Chatnode
    - 38151 - AgentShop
    - 38111 - 38116 - Channels*
    - 38126 - War [170-190]*
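
Added example, not part of the thread or any poster's code: a Python check that compares a host's TCP listeners against the port list in the post above and reports anything bound beyond loopback that is not on it. The `ss -tlnH` sample is constructed, and the function names are hypothetical.

```python
import ipaddress

# Public allowlist exactly as given in the post above.
ALLOWED = {80, 443, 1433, 38101, 38121, 38151, 38126} | set(range(38111, 38117))

# Constructed sample of `ss -tlnH` output (Linux); not from a real server.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:38101 0.0.0.0:*
LISTEN 0 128 0.0.0.0:38111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:38180 0.0.0.0:*
LISTEN 0 128 127.0.0.1:38170 0.0.0.0:*
LISTEN 0 128 [::]:38181 [::]:*
LISTEN 0 128 10.0.0.5:1433 0.0.0.0:*
LISTEN 0 128 *:22 *:*
"""

def parse_listener(line):
    """Return (address, port) from one `ss -tlnH` line, or None if malformed."""
    fields = line.split()
    if len(fields) < 4:
        return None
    # rpartition keeps IPv6 addresses such as [::] intact.
    addr, _, port = fields[3].rpartition(":")
    if not port.isdigit():
        return None
    return addr.strip("[]"), int(port)

def is_loopback(addr):
    """True only for 127.0.0.0/8 and ::1; wildcard binds count as exposed."""
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:  # "*" or anything unparseable
        return False

def exposed_unexpected(ss_output, allowed=ALLOWED):
    """Ports listening on a non-loopback address that are not on the allowlist."""
    findings = set()
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed and not is_loopback(parsed[0]) and parsed[1] not in allowed:
            findings.add(parsed[1])
    return sorted(findings)

if __name__ == "__main__":
    for port in exposed_unexpected(SAMPLE_SS):
        print(f"port {port} listens beyond loopback but is not on the allowlist")
```

A listener flagged here may still be blocked by the firewall, so treat the output as a list of ports whose firewall rules need confirming.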

  5. #5
    Apprentice RoozeV
    Rank: Member
    Join Date: Apr 2021
    Posts: 7

    Re: Hacking SQL with Server IP Only?

    Quote: Originally posted by AzureSensei
    Why would you keep GlobalDBAgent port open?????

    There is a reason why only these ports are supposed to be open:
    - 80 - HTTP
    - 443 - HTTPS
    - 1433 - Database
    - 38101 - LoginSvr
    - 38121 - Chatnode
    - 38151 - AgentShop
    - 38111 - 38116 - Channels*
    - 38126 - War [170-190]*

    Yeah, I didn't think something like that was possible... not on this level. :P

  6. #6
    Lurker AzureSensei
    Rank: Moderator
    Join Date: Aug 2013
    Location: RageZone
    Posts: 310

    Re: Hacking SQL with Server IP Only?

    There are tools out there, since EP2 times, that are extremely damaging if you leave specific ports open, so that's the reason why only the minimal amount needs to be public; everything else communicates behind the firewall.

  7. #7
    PwrGames PwrDex
    Rank: Member
    Join Date: Jul 2011
    Location: /var/log/cabal
    Posts: 783

    Re: Hacking SQL with Server IP Only?

    Quote: Originally posted by AzureSensei
    Why would you keep GlobalDBAgent port open?????

    There is a reason why only these ports are supposed to be open:
    - 80 - HTTP
    - 443 - HTTPS
    - 1433 - Database
    - 38101 - LoginSvr
    - 38121 - Chatnode
    - 38151 - AgentShop
    - 38111 - 38116 - Channels*
    - 38126 - War [170-190]*

    Also, if you have to open ports 22 and 1433, then use an IP filter, and if you want better protection, then certificate authentication is recommended.

  8. #8
    Enthusiast Ocid Borlan
    Rank: Member
    Join Date: Feb 2014
    Posts: 47

    Re: Hacking SQL with Server IP Only?

    SQL procedure

  9. #9
    Account Upgraded | Title Enabled! Fur Zi
    Rank: Member
    Join Date: Feb 2012
    Location: Hell
    Posts: 258

    Re: Hacking SQL with Server IP Only?

    SQL Injection can be done in your client.


