That's actually *close* to, "an ethical hack". Strictly speaking, you should have informed Imri beforehand, and given him the opportunity to fix the problem.
tnrh1 aka imri,
i deleted your databases. you let your SQL be open for remote connections and i knew your ip,id and pw so i could
connect and delete them freely.
i am no longer in the pt community so i dont mind letting you know that. i did that for good reasons.
Dim name = request("name")
odbc.Open "SELECT TOP 1 * FROM [ul] WHERE [chname] = '" & name &"'", __, __
SELECT TOP 1 * FROM [ul] WHERE [chname] = 'Gregoo'
SELECT TOP 1 * FROM [ul] WHERE [chname] = 'Gregoo';DROP DATABASE [accountdb];--'
SELECT TOP 1 * FROM [ul] WHERE [chname] = 'Gregoo''; DROP DATABASE [accountdb];--'
' Fetch data from the query string. The data is escaped to prevent SQL injection
' @param key : string
' @return string
Function G(my_key)
G = Replace(trim(request(my_key)), "'", "''")
End Function
Dim name = Replace(request("name"), "'", "''")
odbc.Open "SELECT TOP 1 * FROM [ul] WHERE [chname] = '" & name &"'", __, __
Replace(request() , "'", "''")
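Added example, not part of any post in the thread: a small Python scanner for T-SQL single-quoted literals, run over the query built from the name value shown above, first unescaped and then with the quote-doubling fix. The names escape, build_query, scan and HOSTILE are hypothetical, and the scanner is a simplification that knows only single-quoted literals and -- comments.

```python
# Added example (not from the thread). Inside a T-SQL string literal,
# two single quotes ('') stand for one quote character.

def escape(value):
    """The fix from the thread: Replace(x, "'", "''")."""
    return value.replace("'", "''")

def build_query(name):
    """Concatenate the name into the statement the way the ASP page does."""
    return "SELECT TOP 1 * FROM [ul] WHERE [chname] = '" + name + "'"

def scan(sql):
    """Return (code, literals): the text outside string literals, with a ?
    where each literal stood, and the decoded value of each literal.
    Raises ValueError when a literal is never closed."""
    code, literals, i, n = [], [], 0, len(sql)
    while i < n:
        if sql.startswith("--", i):        # line comment: skipped, not parsed
            end = sql.find("\n", i)
            i = n if end == -1 else end
            continue
        if sql[i] != "'":                  # ordinary statement text
            code.append(sql[i])
            i += 1
            continue
        i += 1                             # step past the opening quote
        value = []
        while True:
            if i >= n:
                raise ValueError("unclosed string literal")
            if sql.startswith("''", i):    # doubled quote = one literal quote
                value.append("'")
                i += 2
            elif sql[i] == "'":            # lone quote closes the literal
                i += 1
                break
            else:
                value.append(sql[i])
                i += 1
        literals.append("".join(value))
        code.append("?")
    return "".join(code), literals

# Constructed input: the name value from the second query in the thread.
HOSTILE = "Gregoo';DROP DATABASE [accountdb];--"

if __name__ == "__main__":
    for query in (build_query(HOSTILE), build_query(escape(HOSTILE))):
        print(scan(query))
```

Unescaped, the literal ends at Gregoo and the rest is statement text; escaped, the whole value comes back as one literal. The doubling only protects a value that lands inside a single-quoted literal, not one concatenated into a numeric or identifier position.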
I did unethical hacking as retaliation. Dropped the database of a few servers that sent hackers to the server I was working with. That was the wtfish days of PT, when nobody shared anything. That was the only way to keep an edge.
I also know that he did some "ethical hacking" to prove to popular, existing servers at the time that they had not patched these flaws, offering to help them.
IDK if he was asking money or not, but the server admins who spoke to me about it were highly offended by his actions, and felt they were being "held to ransom". I would have considered it a warning and an offer of help, but I know where they are coming from.
You're welcome.
Thanks Gregoo.
In T-SQL (that's the language you use to converse with a MS SQL Server), strings are declared with single quotes. Double quotes would throw an error.
P.S. Doesn't SQL take double quotes the same way? I seem to remember being told to escape those as well.
SELECT * FROM [clandb].[dbo].[ul] WHERE [chname] = 'Gregoo'
SELECT * FROM [clandb].[dbo].[ul] WHERE [chname] = "Gregoo"
SELECT * FROM [clandb].[dbo].[ul] WHERE "chname" = 'Gregoo'
SELECT '"'
"
SELECT '"''
SELECT '"'''
"'
tnrh1 aka imri,
i deleted your databases. you let your SQL be open for remote connections and i knew your ip,id and pw so i could
connect and delete them freely.
i am no longer in the pt community so i dont mind letting you know that. i did that for good reasons.
Why is *your* rz account being held responsible for the actions of an individual who isn't even on our staff? Also, why would he care; honestly?
and I'm deleting my rz account.
Dim chkchar As Char
For i = 0 To Len(charname) - 1
    ' Take one character at a time (Chars is zero-based)
    chkchar = charname.Chars(i)
    ' Allow only a-z, A-Z and 0-9
    If Not ((chkchar >= "a"c And chkchar <= "z"c) Or (chkchar >= "A"c And chkchar <= "Z"c) Or (chkchar >= "0"c And chkchar <= "9"c)) Then
        conn().Close()
        Console.WriteLine("You have used illegal character")
        ' Stop at the first illegal character
        Exit For
    End If
Next i
Escape characters is the "better method". But you need to define all the places you need characters escaped, and all the places you need them plain, then translate between the two.
I'm obviously not saying that this is the best method, but most likely more secure than what there was previously.