SQL Injection through @item

Blue Jem · October 9, 2013

can you show to me the sample of SQL injection using command of @item

Edited October 9, 2013 by Patskie
Change topic title to informative one

Patskie · October 9, 2013

@item deal with numbers (item id and amount) so i guess there's no way for you to SQL inject it and besides staffs of rAthena would not create such commands that are vulnerable to SQL injection.

Bisuke · October 9, 2013

If you're server is experiencing a problem that a hacker can summon item at will, I believe it uses WPE/RPE to do this. As Patskie said, there's no way to inject using @item.

Patskie · October 10, 2013

But with @item we can also use "item name" as an alternative to item id. However, like what my 2nd argument pointed out. I don't think rA staff would create such commands that are vulnerable to SQLi. If an SQLi was made on your server. Maybe because you misuse some custom scripts.

Sign In

SQL Injection through @item

Question

Blue Jem

Link to comment

Share on other sites

3 answers to this question

Recommended Posts

Patskie

Link to comment

Share on other sites

Bisuke

Link to comment

Share on other sites

Patskie

Link to comment

Share on other sites

Join the conversation

Recently Browsing 0 members

Docs

Get Started

Github

Community

My Account