test' shutdown--
Easy to patch - open the related stored procedure and modify it to be SQL inject proof. Then add checks and validators to make sure everything is run properly.
You could also just remove the NPC, but I do recommend that people learn how to counter SQL injects.
@UniverseGaming looks like you are the moron... Syloxx, I do believe you are a moron, because stored procedures don't accept queries, only params. For example, say inside the stored procedure you have a query that requires a username: the program or script would call exec storedprocname with the params it needs, and then the query runs with the data inside the SQL server.
exec _Procedure 'string1', int1, int2; DROP DATABASE();--', int1, int2
Oh dear...
1) Relationship design.
2) Tables design.
3) Stored procedure design.
Work on those 3 and you will never see SQL injection in your life again.
Everything you wrote can be stopped by properly re-writing the procedure, or altering the table from varchar(255)/varchar(max) to varchar(20/30) for example, and the game server should work fine. If not (since I haven't touched sro in years), you can basically just modify the stored procedure.
By your logic, I should be able to inject every single game made in life because there is no way to stop SQL injection, right?
Have a great day
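The disagreement in this thread turns on where the string gets built, so here is an added T-SQL example (not code from any poster or from the game's database) showing a procedure that concatenates its parameter beside two forms that bind it. All table, procedure and account names are hypothetical.

```sql
-- Constructed example; dbo.Characters, the GetGold_* procedures and
-- game_server are hypothetical names, not taken from the thread.
CREATE TABLE dbo.Characters (
    CharName varchar(20) NOT NULL PRIMARY KEY,
    Gold     bigint      NOT NULL DEFAULT 0
);
GO

-- Weak form: the parameter is typed, but it is pasted into a dynamic string,
-- so a quote inside @CharName ends the literal and the remainder runs as SQL.
CREATE PROCEDURE dbo.GetGold_Dynamic
    @CharName varchar(255)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT Gold FROM dbo.Characters WHERE CharName = ''' + @CharName + N'''';
    EXEC (@sql);
END;
GO

-- Hardened form: a static statement. @CharName is only ever compared as data.
-- The shorter type caps input length; the binding is what stops the breakout.
CREATE PROCEDURE dbo.GetGold_Static
    @CharName varchar(20)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT Gold FROM dbo.Characters WHERE CharName = @CharName;
END;
GO

-- If dynamic SQL cannot be avoided, bind the value through sp_executesql
-- instead of concatenating it into the statement text.
CREATE PROCEDURE dbo.GetGold_Bound
    @CharName varchar(20)
AS
BEGIN
    SET NOCOUNT ON;
    EXEC sys.sp_executesql
        N'SELECT Gold FROM dbo.Characters WHERE CharName = @n',
        N'@n varchar(20)',
        @n = @CharName;
END;
GO

-- Least privilege for the calling account: execute rights on the procedure only.
GRANT EXECUTE ON OBJECT::dbo.GetGold_Static TO game_server;
```

A safe procedure body does not help if the calling program assembles the `exec ...` text by concatenating user input, as in the quoted `exec _Procedure` line; the caller has to pass the values as bound parameters too.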