
Check Server Vulnerability Messenger - SQL Injection



Hello devs!

 

I've found this tutorial on another Metin2Forum (doesn't matter which one, I'M NOT THE ORIGINAL POSTER)!

I think it can be useful for people who use diffs to fix this vulnerability and don't know for sure if the diff works or not.

 

[Screenshot: messengerinjection.png]

 

How to do it?

1. Download this Python DLL (check in your client whether it's using 2.2 or 2.7):

Python22

Python27

 

2. Log in to Navicat, database player, and then press 'CTRL+Q':

Paste this code and click 'RUN'


DROP TABLE IF EXISTS `test`;
CREATE TABLE `test` (
  `name` varchar(255) NOT NULL,
  PRIMARY KEY (`name`)
) ;

INSERT INTO `test` VALUES ('A');
INSERT INTO `test` VALUES ('Caso');
INSERT INTO `test` VALUES ('Parole');
INSERT INTO `test` VALUES ('Scrivendo');
INSERT INTO `test` VALUES ('Sto');

3. Log in to the client with any account (it isn't necessary to be a GM) and you will see this notice box:

[Screenshot: dll-injected.png]

4. Press F9 and you will see these messages:

[Screenshot: injection-complete.png]

 

 

[Screenshot: feedback.png]

 

6. Now log in again to Navicat, database player, and open the table test. If that table is empty (doesn't have any records), your server was successfully injected, so you are still vulnerable.

 

Hope it works for all of you!

 


I'm happy... Finally someone appreciates my small tool... >.<

In the original forum nobody said anything about it and for this reason I didn't post in other forums.

 

Thank you for sharing,

Misterioso

  • 1 year later...
On 7/22/2016 at 6:19 PM, misterioso said:

I'm happy... Finally someone appreciates my small tool... >.<

In the original forum nobody said anything about it and for this reason I didn't post in other forums.

 

Thank you for sharing,

Misterioso

You are a good man.

  • 3 years later...
Quote

If that table is empty (doesn't have any records), your server was successfully injected, so you are still vulnerable.

 

What should happen if you are not vulnerable?

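The canary-table check from steps 2 and 6, written out as an added example that is not part of any post in this thread: it seeds the same five rows and classifies the table afterwards, including the case asked about above where the rows are all still present. Assumptions: Python's in-memory sqlite3 stands in for the MySQL `player` database, the function names are hypothetical, and reading an unchanged table as "the test had no effect" is the inverse of step 6 rather than something the tool's author stated.

```python
import sqlite3

# The five rows inserted by the SQL in step 2 of the first post.
CANARY_ROWS = {"A", "Caso", "Parole", "Scrivendo", "Sto"}


def seed_canary(conn):
    """Recreate the `test` canary table the way step 2 does."""
    conn.execute("DROP TABLE IF EXISTS test")
    conn.execute("CREATE TABLE test (name VARCHAR(255) NOT NULL PRIMARY KEY)")
    conn.executemany("INSERT INTO test VALUES (?)",
                     [(name,) for name in sorted(CANARY_ROWS)])
    conn.commit()


def canary_state(conn):
    """Classify the canary table after the client-side test has been run."""
    try:
        rows = {r[0] for r in conn.execute("SELECT name FROM test")}
    except sqlite3.OperationalError:
        return "missing"    # table no longer exists
    if rows == CANARY_ROWS:
        return "intact"     # all five rows present: the test changed nothing
    if not rows:
        return "emptied"    # the outcome step 6 calls "still vulnerable"
    return "modified"       # rows added or removed: something reached the table


def is_vulnerable(state):
    """Anything other than an untouched canary means the server was affected."""
    return state != "intact"


if __name__ == "__main__":
    # Constructed stand-in database; a real check would connect to `player`.
    conn = sqlite3.connect(":memory:")
    seed_canary(conn)
    print("before test:", canary_state(conn))
    # Simulate only the end result described in step 6 (an empty table).
    conn.execute("DELETE FROM test")
    state = canary_state(conn)
    print("after simulated result:", state, "| vulnerable:", is_vulnerable(state))
```

An "intact" result only means something if the tool actually ran, so re-seed the table before every run and confirm the messages from step 4 appeared.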
