It's already reported and will be patched shortly. Also, this is not a user table injection; I would not release that! Use at own risk, this is a proof of concept. This has only been released as the noob who tried to blackmail me on MSN is now trying to sell it haha.
P.S. it's Python 2.7
---------- Post added at 08:32 AM ---------- Previous post was at 08:19 AM ----------
Just FYI, run client.py and u don't need a neo login to run this. Do not contact me about this release, I did not know enough about this stuff myself to even use it. Although I do know it's a blind injection (returns no output), what you can do is make the server sleep for 10 seconds using SLEEP(10). Now we can also say..... if(somedatabasevalue) == somevalue then SLEEP(10), or if(firstletterofsomepassword="a") then SLEEP(10) etc... Again, this is just shit I've read, I don't know about this stuff.
If the mods do not want this here, move it to the right place / delete it. But this will be patched in 24 hours and I can assure u no one can access the user table from this database. The best they can do is inject a new prize id into a current active game to another item id to make an item gen. The user table appears to be on 2 different servers.
Last edited by DarkByte; 12-18-2012 at 07:46 AM.
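A defender-side view of the time-based blind injection described in the post above, as an added example that is not part of the original thread or the released client: it scans web access logs for delay-function calls in the query string and for clients whose slow responses cluster around one fixed delay. The log format, the `/game/play` path, the `prize` parameter, the addresses and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample log (not from any real server): ip, request line, duration in ms.
SAMPLE_LOG = """\
203.0.113.7 "GET /game/play?prize=12" 41
203.0.113.7 "GET /game/play?prize=12+AND+SLEEP(10)" 10038
203.0.113.7 "GET /game/play?prize=12%20and%20sl%65ep(10)" 10044
198.51.100.4 "POST /game/play" 39
198.51.100.4 "POST /game/play" 10012
198.51.100.4 "POST /game/play" 44
198.51.100.4 "POST /game/play" 10020
198.51.100.4 "POST /game/play" 10009
192.0.2.9 "GET /game/play?prize=8" 52
192.0.2.9 "GET /help?topic=sleep" 3100
"""

LINE = re.compile(r'^(\S+) "(?:GET|POST) (\S+)" (\d+)$', re.M)
# Delay primitives of common SQL dialects, matched after URL decoding.
DELAY_CALL = re.compile(r'\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay', re.I)

def analyse(log, slow_ms=5000, min_slow=3, tolerance_ms=500):
    """Return (ips with a delay call in the URL, ips with clustered slow responses)."""
    keyword_hits = set()
    timings = defaultdict(list)  # (ip, path) -> response times in ms
    for m in LINE.finditer(log):
        ip, url, ms = m.group(1), unquote_plus(m.group(2)), int(m.group(3))
        if DELAY_CALL.search(url):
            keyword_hits.add(ip)
        timings[(ip, url.split("?", 1)[0])].append(ms)
    timing_hits = set()
    for (ip, _path), durations in timings.items():
        slow = [d for d in durations if d >= slow_ms]
        fast = [d for d in durations if d < slow_ms]
        # A conditional delay leaves a fast baseline plus slow responses
        # that sit tightly around one fixed value.
        if len(slow) >= min_slow and fast and max(slow) - min(slow) <= tolerance_ms:
            timing_hits.add(ip)
    return keyword_hits, timing_hits

if __name__ == "__main__":
    by_keyword, by_timing = analyse(SAMPLE_LOG)
    print("delay call in URL:", sorted(by_keyword))
    print("clustered slow responses:", sorted(by_timing))
```

The second client is only caught by timing, because a payload sent in a POST body never appears in a standard access log.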
I don't even understand what this is lol
A database is where information from websites is stored, think of it as a memory card for websites.
All your data from username/password, game status etc. is stored in databases. This exploit lets you execute your own commands via their SQL server, so you can insert new info or change old info from your "save file". You should not play with this if you do not know what it does, but in reality if u fuck anything up I think you would only break ur blumaroll games (I am not 100% sure of the entire db contents, other stuff may use the same db).
I reported this about 48 hours ago and they have been working on it along with some other bugs since, so use your vpn and expect it to stop at any second.
Last edited by DarkByte; 12-18-2012 at 07:55 AM.
I'm no hacker, but isn't there a way to have the server email you the output? Or was that something else?
If I had access to the full database I would just inject a neomail for the lulz with output xD. Again, I do not know enough about this, I have seen the same vid as u from defcon but it's not my area xD
dang, I need NC to play blumaroll. well nevermind
When I played it I used a new account with the free 150nc then another 100nc from the game challenge event thing, is this stopped now?
If I have NC I can gen items with this? :o