Thread: Sql injection Release:

  1. #1
    Gamertag: DarkByt3 PSN ID: raredaredevil

    Sql injection Release:

    http://www.speedyshare.com/GhaAU/New...IP-archive.zip


    It's already reported and will be patched shortly. Also, this is not a user table injection; I would not release that! Use at own risk, this is a proof of concept. This has only been released as the noob who tried to blackmail me on MSN is now trying to sell it haha.

    P.S. it's Python 2.7

    ---------- Post added at 08:32 AM ---------- Previous post was at 08:19 AM ----------

    Just FYI, run client.py and you don't need a neo login to run this. Do not contact me about this release; I did not know enough about this stuff myself to even use it. Although I do know it's a blind injection (returns no output), what you can do is make the server sleep for 10 seconds using SLEEP(10). Now we can also say... if(somedatabasevalue) == somevalue then SLEEP(10), or if(firstletterofsomepassword="a") then SLEEP(10), etc. Again, this is just shit I've read; I don't know about this stuff.


    If the mods do not want this here, move it to the right place / delete it. But this will be patched in 24 hours and I can assure you no one can access the user table from this database. The best they can do is inject a new prize id into a current active game to another item id to make an item gen. The user table appears to be on 2 different servers.
    Last edited by DarkByte; 12-18-2012 at 08:46 AM.

  2. The Following 4 Users Say Thank You to DarkByte For This Useful Post:

    DarkAngel (12-18-2012),I_royalty_I (12-19-2012),kooldude888 (12-18-2012),n00ne (12-18-2012)
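
The first post describes a time-based blind injection, where the only signal is how long the server takes to answer. The following is an added defender-side example, not part of the original thread or the released archive: it scans web access logs for delay-function calls in query parameters and uses the logged response time to separate payloads that merely arrived from payloads the database appears to have executed. The log format, paths and addresses are constructed for illustration; only GET query strings are inspected.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines (not from any real server).
# Assumed format: client_ip "METHOD url PROTO" status response_seconds
SAMPLE_LOG = """\
203.0.113.5 "GET /game.php?item=7 HTTP/1.1" 200 0.08
203.0.113.9 "GET /game.php?item=7%20AND%20SLEEP(10) HTTP/1.1" 200 10.11
203.0.113.9 "GET /game.php?item=7+and+sleep%2810%29 HTTP/1.1" 200 0.09
198.51.100.2 "GET /search.php?q=how+to+sleep+better HTTP/1.1" 200 0.21
198.51.100.7 "GET /report.php?year=2012 HTTP/1.1" 200 12.40
"""

LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3}) ([\d.]+)$')
# A delay function *call* with a numeric argument, not the bare word "sleep".
DELAY_RE = re.compile(r'\b(?:sleep|pg_sleep)\s*\(\s*(\d+(?:\.\d+)?)\s*\)', re.I)


def classify(line):
    """Return (client, param, verdict) for a suspicious line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    client, _method, url, _status, seconds = m.groups()
    # parse_qsl percent-decodes values and turns '+' into a space,
    # so encoded and plain payloads are matched the same way.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        hit = DELAY_RE.search(value)
        if hit:
            delay = float(hit.group(1))
            # A response at least as slow as the requested delay suggests
            # the database ran the injected call: the parameter is injectable.
            executed = float(seconds) >= delay
            return (client, name, "EXECUTED" if executed else "ATTEMPT")
    return None


def scan(log_text):
    """Classify every line and keep only the findings."""
    return [r for r in map(classify, log_text.splitlines()) if r]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

An `EXECUTED` finding points at a parameter that reaches the SQL engine unescaped and should be moved to a parameterized query; an `ATTEMPT` finding shows probing that was filtered or not reached.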

  3. #2



    EvolutionZzZ's Avatar
    I don't even understand what this is lol

  4. #3
    Gamertag: DarkByt3 PSN ID: raredaredevil
    A database is where information from websites is stored; think of it as a memory card for websites.

    All your data, from username/password, game status, etc., is stored in databases. This exploit lets you execute your own commands via their SQL server, so you can insert new info or change old info from your "save file". You should not play with this if you do not know what it does, but in reality if you fuck anything up I think you would only break your blumaroll games (I am not 100% sure of the entire db contents, other stuff may use the same db).

    I reported this about 48 hours ago and they have been working on it along with some other bugs since, so use your VPN and expect it to stop at any second.
    Last edited by DarkByte; 12-18-2012 at 08:55 AM.

  5. #4
    Reemer's Avatar
    I'm no hacker, but isn't there a way to have the server email you the output? Or was that something else?

  6. #5
    Gamertag: DarkByt3 PSN ID: raredaredevil
    If I had access to the full database I would just inject a neomail for the lulz with output xD. Again, I do not know enough about this; I have seen the same vid as you from DEF CON, but it's not my area xD

  7. #6




    dang, I need NC to play blumaroll. well nevermind

  8. #7
    Gamertag: DarkByt3 PSN ID: raredaredevil
    When I played it I used a new account with the free 150nc, then another 100nc from the game challenge event thing. Is this stopped now?

  9. #8




    Quote Originally Posted by raredaredevil View Post
    When I played it I used a new account with the free 150nc, then another 100nc from the game challenge event thing. Is this stopped now?
    Ah, really? I have not played Neopets in a while. I don't really know (about the NC), lol.
    Never mind, I don't actually know how this really works anyway, haha

  10. The Following User Says Thank You to damian002 For This Useful Post:

    DarkByte (12-18-2012)

  11. #9




    hectorvazc's Avatar
    If I have NC I can gen items with this? :o

  12. #10

    Quote Originally Posted by hecvc View Post
    If I have NC I can gen items with this? :o
    If you know exactly what you're doing

  13. The Following 2 Users Say Thank You to Shawn For This Useful Post:

    DarkByte (12-18-2012),hectorvazc (12-18-2012)
