Go Back   EQEmulator Home > EQEmulator Forums > General > General::General Discussion
Reload this Page must read for server ops: vulnerability in charmover

General::General Discussion General discussion about EverQuest(tm), EQEMu, and related topics.
Do not post support topics here.

Reply
 
Thread Tools Display Modes
  #1  
Old 10-14-2009, 10:44 PM
Shin Noir's Avatar
Shin Noir
Legendary Member
  
Join Date: Apr 2002
Location: Seattle, WA
Posts: 506
Default
Quote:
mysql_query() sends a unique query (multiple queries are not supported) to the currently active database on the server that's associated with the specified link_identifier .
Are they using mysql_query()? If so, what's the problem again? Your "blahblahblah'; DROP ALL TABLES;--" example is two queries?
__________________

~Shin Noir
DungeonEQ.com
Reply With Quote
  #2  
Old 10-14-2009, 11:11 PM
KLS
Administrator
  
Join Date: Sep 2006
Posts: 1,348
Default
Quote:
Is this stuff we really want to discuss in an open forum?
Yes, pretty much all vulnerabilities should be public. That way we:

a) Fix them.
b) Learn from them.
c) Get server ops to update their code.
Reply With Quote
  #3  
Old 10-15-2009, 12:21 AM
MNWatchdog
Hill Giant
  
Join Date: Feb 2006
Posts: 179
Default
plus the people who would use this know how to do it already most likely.
Reply With Quote
  #4  
Old 10-15-2009, 12:55 AM
AndMetal
Developer
  
Join Date: Mar 2007
Location: Ohio
Posts: 648
Default
Quote:
Originally Posted by Shin Noir View Post
Are they using mysql_query()? If so, what's the problem again? Your "blahblahblah'; DROP ALL TABLES;--" example is two queries?
The problem is that it's still susceptible to injection. Although you can't just drop the database since it's running through PHP, you can still look for other pieces of data. I don't think it would be appropriate to provide a step-by-step tutorial on how to do this (there are plenty of them on the Internet already), but the idea is you can verify information from the database that you wouldn't normally have access to (mainly passwords and account names).
__________________
GM-Impossible of 'A work in progress'
A non-legit PEQ DB server
How to create your own non-legit server

My Contributions to the Wiki
Reply With Quote
  #5  
Old 10-15-2009, 08:26 AM
airtalking
Fire Beetle
  
Join Date: Oct 2008
Location: bleh
Posts: 18
Default
AndMetal is correct even with access to only 1 query there are still several things that can be abused
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

   

All times are GMT -4. The time now is 02:57 PM.

EQEmulator - Archive - Top

 

Everquest is a registered trademark of Daybreak Game Company LLC.
EQEmulator is not associated or affiliated in any way with Daybreak Game Company LLC.
Except where otherwise noted, this site is licensed under a Creative Commons License.
       
Powered by vBulletin®, Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Template by Bluepearl Design and vBulletin Templates - Ver3.3