Blue Jem Posted October 9, 2013 Posted October 9, 2013 (edited) can you show to me the sample of SQL injection using command of @item Edited October 9, 2013 by Patskie Change topic title to informative one Quote
Patskie Posted October 9, 2013 Posted October 9, 2013 @item deal with numbers (item id and amount) so i guess there's no way for you to SQL inject it and besides staffs of rAthena would not create such commands that are vulnerable to SQL injection. 1 Quote
Bisuke Posted October 9, 2013 Posted October 9, 2013 If you're server is experiencing a problem that a hacker can summon item at will, I believe it uses WPE/RPE to do this. As Patskie said, there's no way to inject using @item. Quote
Patskie Posted October 10, 2013 Posted October 10, 2013 But with @item we can also use "item name" as an alternative to item id. However, like what my 2nd argument pointed out. I don't think rA staff would create such commands that are vulnerable to SQLi. If an SQLi was made on your server. Maybe because you misuse some custom scripts. Quote
Question
Blue Jem
can you show to me the sample of SQL injection using command of @item
Edited by PatskieChange topic title to informative one
3 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.