Blue Jem Posted October 9, 2013 Group: Members Topic Count: 151 Topics Per Day: 0.04 Content Count: 393 Reputation: 3 Joined: 09/16/13 Last Seen: June 4, 2014 Share Posted October 9, 2013 (edited) can you show to me the sample of SQL injection using command of @item Edited October 9, 2013 by Patskie Change topic title to informative one Quote Link to comment Share on other sites More sharing options...
Patskie Posted October 9, 2013 Group: Members Topic Count: 50 Topics Per Day: 0.01 Content Count: 1702 Reputation: 238 Joined: 09/05/12 Last Seen: April 21 Share Posted October 9, 2013 @item deal with numbers (item id and amount) so i guess there's no way for you to SQL inject it and besides staffs of rAthena would not create such commands that are vulnerable to SQL injection. 1 Quote Link to comment Share on other sites More sharing options...
Bisuke Posted October 9, 2013 Group: Members Topic Count: 51 Topics Per Day: 0.01 Content Count: 177 Reputation: 10 Joined: 04/02/12 Last Seen: March 27 Share Posted October 9, 2013 If you're server is experiencing a problem that a hacker can summon item at will, I believe it uses WPE/RPE to do this. As Patskie said, there's no way to inject using @item. Quote Link to comment Share on other sites More sharing options...
Patskie Posted October 10, 2013 Group: Members Topic Count: 50 Topics Per Day: 0.01 Content Count: 1702 Reputation: 238 Joined: 09/05/12 Last Seen: April 21 Share Posted October 10, 2013 But with @item we can also use "item name" as an alternative to item id. However, like what my 2nd argument pointed out. I don't think rA staff would create such commands that are vulnerable to SQLi. If an SQLi was made on your server. Maybe because you misuse some custom scripts. Quote Link to comment Share on other sites More sharing options...
Question
Blue Jem
can you show to me the sample of SQL injection using command of @item
Edited by PatskieChange topic title to informative one
Link to comment
Share on other sites
3 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.