Mysql sqli injection

Jimmi · September 2, 2015

Problema intalnita (descriere):Am instalat dintr-un gm un sistem de trunk.Ehh, cel care detinea gm sa enervat ca sistemul a ajuns pe net, si el facuse cumva invulnerabilitate la sistem, doar el stie.
Ero(area / rile) / warning-(ul / urile):Cumva isi da admin de cand e sistemul /trunk.
Liniile de cod / sursa / script-ul(obligatoriu):

if( dialogid == DIALOG_TRUNK)
	{
	    if( response )
	    {
	        gString[ 0 ] = ( EOS );
	        strcat( gString, "{5c94e8}1.{FFFFFF} Verifica portbagaj\n{5c94e8}2.{FFFFFF} Depune arme\n{5c94e8}3.{FFFFFF} Depune droguri\n{5c94e8}4.{FFFFFF} Depune materiale" );
	        strcat( gString, "\n{5c94e8}5.{FFFFFF} Scoate arme\n{5c94e8}6.{FFFFFF} Scoate droguri\n{5c94e8}7.{FFFFFF} Scoate materiale\n{5c94e8}8.{FFFFFF} Inchide portbagaj" );
	        ShowPlayerDialog(playerid, DIALOG_TRUNK_OPTIUNI, DIALOG_STYLE_LIST, "{5c94e8}PG-Zone:{FFFFFF} Optiuni", gString, "Alege","Iesi");
	    }
	}
	if( dialogid == DIALOG_TRUNK_OPTIUNI)
	{
	    if( response )
	    {
	        if(listitem == 0)
	        {
	            gString[ 0 ] = ( EOS );
		        strcat( gString, "{5c94e8}1.{FFFFFF} Verifica portbagaj\n{5c94e8}2.{FFFFFF} Depune arme\n{5c94e8}3.{FFFFFF} Depune droguri\n{5c94e8}4.{FFFFFF} Depune materiale" );
		        strcat( gString, "\n{5c94e8}5.{FFFFFF} Scoate arme\n{5c94e8}6.{FFFFFF} Scoate droguri\n{5c94e8}7.{FFFFFF} Scoate materiale\n{5c94e8}8.{FFFFFF} Inchide portbagaj" );
		        ShowPlayerDialog(playerid, DIALOG_TRUNK_OPTIUNI, DIALOG_STYLE_LIST, "{5c94e8}PG-Zone:{FFFFFF} Optiuni", gString, "Alege","Iesi");
	        }
	        if(listitem == 1)
	        {
	            new slot1[64], slot2[64], slot3[64];
			    if(vInfo[MasinaTrunkID[playerid]][tSlot1] == 0 ) slot1 = "Nimic";
			    else if(vInfo[MasinaTrunkID[playerid]][tSlot1] != 0 )
				{
					format(gString, sizeof(gString), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon1], vInfo[MasinaTrunkID[playerid]][tWeapon1Ammo]);
				}
			    if(vInfo[MasinaTrunkID[playerid]][tSlot2] == 0 ) slot2 = "Nimic";
			    else if(vInfo[MasinaTrunkID[playerid]][tSlot2] != 0 )
				{
					format(gString, sizeof(gString), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon2], vInfo[MasinaTrunkID[playerid]][tWeapon2Ammo]);
				}
			    if(vInfo[MasinaTrunkID[playerid]][tSlot3] == 0 ) slot3 = "Nimic";
			    else if(vInfo[MasinaTrunkID[playerid]][tSlot3] != 0 )
				{
					format(gString, sizeof(gString), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon3], vInfo[MasinaTrunkID[playerid]][tWeapon3Ammo]);
				}
				format(gString, sizeof(gString), "{5c94e8}1.{FFFFFF} Slot 1: %s\n{5c94e8}2.{FFFFFF} Slot 2: %s\n{5c94e8}3.{FFFFFF} Slot 3: %s", slot1, slot2, slot3);
				ShowPlayerDialog(playerid, DIALOG_TRUNK_DEPUNEARME, DIALOG_STYLE_LIST, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Depune","Iesi");
	        }
	        if(listitem == 2)
	        {
				gString[ 0 ] = ( EOS );
				format(gString, sizeof(gString), "{5c94e8}Droguri:{FFFFFF} %d\n\nScrie mai jos cate grame de droguri vrei sa depozitezi:",vInfo[MasinaTrunkID[playerid]][tDrugs]);
	            ShowPlayerDialog(playerid, DIALOG_TRUNK_DEPUNEDRUG, DIALOG_STYLE_INPUT, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Depune","Iesi");
	        }
	        if(listitem == 3)
	        {
				gString[ 0 ] = ( EOS );
				format(gString, sizeof(gString), "{5c94e8}Materiale:{FFFFFF} %d\n\nScrie mai jos cate materiale vrei sa depozitezi:",vInfo[MasinaTrunkID[playerid]][tMaterials]);
	            ShowPlayerDialog(playerid, DIALOG_TRUNK_DEPUNEMATS, DIALOG_STYLE_INPUT, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Depune","Iesi");
	        }
	        if(listitem == 4)
	        {
	            new slot1[64], slot2[64], slot3[64];
			    if(vInfo[MasinaTrunkID[playerid]][tSlot1] == 0 ) slot1 = "Nimic";
			    else if(vInfo[MasinaTrunkID[playerid]][tSlot1] != 0 )
				{
					format(slot1, sizeof(slot1), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon1], vInfo[MasinaTrunkID[playerid]][tWeapon1Ammo]);
				}
				if(vInfo[MasinaTrunkID[playerid]][tSlot2] == 0 ) slot2 = "Nimic";
			    else if(vInfo[MasinaTrunkID[playerid]][tSlot2] != 0 )
				{
					format(slot2, sizeof(slot2), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon2], vInfo[MasinaTrunkID[playerid]][tWeapon2Ammo]);
				}
				if(vInfo[MasinaTrunkID[playerid]][tSlot3] == 0 ) slot3 = "Nimic";
			    else if(vInfo[MasinaTrunkID[playerid]][tSlot3] != 0 )
				{
					format(slot3, sizeof(slot3), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon3], vInfo[MasinaTrunkID[playerid]][tWeapon3Ammo]);
				}
				format(gString, sizeof(gString), "{5c94e8}1.{FFFFFF} Slot 1: %s\n{5c94e8}2.{FFFFFF} Slot 2: %s\n{5c94e8}3.{FFFFFF} Slot 3: %s", slot1, slot2, slot3);
				ShowPlayerDialog(playerid, DIALOG_TRUNK_SCOATEARME, DIALOG_STYLE_LIST, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Extrage","Iesi");
	        }
	        if(listitem == 5)
	        {
				gString[ 0 ] = ( EOS );
				format(gString, sizeof(gString), "{5c94e8}Droguri:{FFFFFF} %d\n\nScrie mai jos cate grame de droguri vrei sa extragi:",vInfo[MasinaTrunkID[playerid]][tDrugs]);
	            ShowPlayerDialog(playerid, DIALOG_TRUNK_SCOATEDRUG, DIALOG_STYLE_INPUT, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Extrage","Iesi");
	        }
	        if(listitem == 6)
	        {
				gString[ 0 ] = ( EOS );
				format(gString, sizeof(gString), "{5c94e8}Materials:{FFFFFF} %d\n\nScrie mai jos cate materiale vrei sa extragi:",vInfo[MasinaTrunkID[playerid]][tMaterials]);
	            ShowPlayerDialog(playerid, DIALOG_TRUNK_SCOATEMATS, DIALOG_STYLE_INPUT, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Extrage","Iesi");
	        }
	        if(listitem == 7)
	        {
				return 1;
	        }
	    }
	}


	if( dialogid == DIALOG_TRUNK_SCOATEARME )
	{
	    new query[256];
	    if( !response ) return 1;
	    if( listitem == 0 )
	    {
	            if( !vInfo[MasinaTrunkID[playerid]][ tSlot1 ] && !vInfo[MasinaTrunkID[playerid]][ tWeapon1Ammo ] ) return 1;
				format(query, sizeof(string), "UPDATE `vehicles` SET `Slot1`= '0',`Weapon1Ammo` = '0' WHERE `ID`='%d'", MasinaTrunkID[ playerid ]);
				mysql_query(query);
				GivePlayerWeapon( playerid,vInfo[MasinaTrunkID[playerid]][ tSlot1 ], vInfo[MasinaTrunkID[playerid]][ tWeapon1Ammo ] );
				format( vInfo[MasinaTrunkID[playerid]][ tWeapon1 ], 64, "Nimic." );
				SendClientMessage( playerid, -1, "{5c94e8}Info: {FFFFFF} Ai scos arma de pe slotul 1." );
				return 1;
	    }
	    if( listitem == 1 )
	    {
	            if( !vInfo[MasinaTrunkID[playerid]][ tSlot2 ] && !vInfo[MasinaTrunkID[playerid]][ tWeapon2Ammo ] ) return 1;
				format(query, sizeof(string), "UPDATE `vehicles` SET `Slot2`= '0',`Weapon2Ammo` = '0' WHERE `ID`='%d'", MasinaTrunkID[ playerid ]);
				mysql_query(query);
				GivePlayerWeapon( playerid,vInfo[MasinaTrunkID[playerid]][ tSlot2 ], vInfo[MasinaTrunkID[playerid]][ tWeapon2Ammo ] );
				format( vInfo[MasinaTrunkID[playerid]][ tWeapon2 ], 64, "Nimic." );
				SendClientMessage( playerid, -1, "{5c94e8}Info: {FFFFFF} Ai scos arma de pe slotul 2." );
				return 1;
	    }
	    if( listitem == 2 )
	    {
	            if( !vInfo[MasinaTrunkID[playerid]][ tSlot3 ] && !vInfo[MasinaTrunkID[playerid]][ tWeapon3Ammo ] ) return 1;
				format(query, sizeof(string), "UPDATE `vehicles` SET `Slot3`= '0',`Weapon3Ammo` = '0' WHERE `ID`='%d'", MasinaTrunkID[ playerid ]);
				mysql_query(query);
				GivePlayerWeapon( playerid,vInfo[MasinaTrunkID[playerid]][ tSlot3 ], vInfo[MasinaTrunkID[playerid]][ tWeapon3Ammo ] );
				format( vInfo[MasinaTrunkID[playerid]][ tWeapon3 ], 64, "Nimic." );
				SendClientMessage( playerid, -1, "{5c94e8}Info: {FFFFFF} Ai scos arma de pe slotul 3." );
				return 1;
	    }
	    return 1;
	}
		if( dialogid == DIALOG_TRUNK_DEPUNEARME )
	{
	    if( response )
	    {
	        if(listitem == 0)
	        {
	            new slot1[64], slot2[64], slot3[64];
	            new armaid = GetPlayerWeapon(playerid);
	            if( armaid == 0 ) return 1;
	            new arma[64];
				new ammo = GetPlayerAmmo(playerid);
	            GetWeaponNameEx( armaid, arma, sizeof( arma ) );
	            new query[256];
				format(query, sizeof(string), "UPDATE `vehicles` SET `Slot1`= '%d',`Weapon1` = '%s',`Weapon1Ammo` = '%d' WHERE `ID`='%d'", armaid, arma, ammo, MasinaTrunkID[ playerid ]);
				mysql_query(query);
				RemovePlayerWeapon(playerid, armaid);
				vInfo[MasinaTrunkID[playerid]][ tSlot1 ] = armaid;
				vInfo[MasinaTrunkID[playerid]][ tWeapon1Ammo ] = ammo;
				format( vInfo[MasinaTrunkID[playerid]][ tWeapon1 ], 64, arma );

				gString[ 0 ] = ( EOS );
	            if(vInfo[MasinaTrunkID[playerid]][tSlot1] == 0 ) slot1 = "Nimic";
                else if(vInfo[MasinaTrunkID[playerid]][tSlot1] != 0 )
				{
					format(slot1, sizeof(slot1), "%s - %d", arma, ammo);
				}
				if(vInfo[MasinaTrunkID[playerid]][tSlot2] == 0 ) slot2 = "Nimic";
			    else if(vInfo[MasinaTrunkID[playerid]][tSlot2] != 0 )
				{
					format(slot3, sizeof(slot3), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon2], vInfo[MasinaTrunkID[playerid]][tWeapon2Ammo]);
				}
				if(vInfo[MasinaTrunkID[playerid]][tSlot3] == 0 ) slot3 = "Nimic";
			    else if(vInfo[MasinaTrunkID[playerid]][tSlot3] != 0 )
				{
					format(slot3, sizeof(slot3), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon3], vInfo[MasinaTrunkID[playerid]][tWeapon3Ammo]);
				}
				format(gString, sizeof(gString), "{5c94e8}1.{FFFFFF} Slot 1: %s\n{5c94e8}2.{FFFFFF} Slot 2: %s\n{5c94e8}3.{FFFFFF} Slot 3: %s", slot1, slot2, slot3);
	            ShowPlayerDialog(playerid, DIALOG_TRUNK_DEPUNEARME, DIALOG_STYLE_LIST, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Depune","Iesi");
	        }
	        if(listitem == 1)
	        {
	            new slot1[64], slot2[64], slot3[64];
	            new armaid = GetPlayerWeapon(playerid);
	            if( armaid == 0 ) return 1;
	            new arma[64];
	            new query[256];
				new ammo = GetPlayerAmmo(playerid);
	            GetWeaponNameEx( armaid, arma, sizeof( arma ) );
				vInfo[MasinaTrunkID[playerid]][ tSlot2 ] = armaid;
				vInfo[MasinaTrunkID[playerid]][ tWeapon2Ammo ] = ammo;
				format( vInfo[MasinaTrunkID[playerid]][ tWeapon2 ], 64, arma );
	            gString[ 0 ] = ( EOS );
	            format(query, sizeof(string), "UPDATE `vehicles` SET `Slot2`= '%d',`Weapon2` = '%s',`Weapon2Ammo` = '%d' WHERE `ID`='%d'", armaid, arma, ammo, MasinaTrunkID[ playerid ]);
				mysql_query(query);
				RemovePlayerWeapon(playerid, armaid);
	            if(vInfo[MasinaTrunkID[playerid]][tSlot1] == 0 ) slot1 = "Nimic";
                else if(vInfo[MasinaTrunkID[playerid]][tSlot1] != 0 )
				{
					format(slot1, sizeof(slot1), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon1], vInfo[MasinaTrunkID[playerid]][tWeapon1Ammo]);
				}
				if(vInfo[MasinaTrunkID[playerid]][tSlot2] == 0 ) slot2 = "Nimic";
			    else if(vInfo[MasinaTrunkID[playerid]][tSlot2] != 0 )
				{
					format(slot3, sizeof(slot3), "%s - %d", arma, ammo );
				}
				if(vInfo[MasinaTrunkID[playerid]][tSlot3] == 0 ) slot3 = "Nimic";
			    else if(vInfo[MasinaTrunkID[playerid]][tSlot3] != 0 )
				{
					format(slot3, sizeof(slot3), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon3], vInfo[MasinaTrunkID[playerid]][tWeapon3Ammo]);
				}
				format(gString, sizeof(gString), "{5c94e8}1.{FFFFFF} Slot 1: %s\n{5c94e8}2.{FFFFFF} Slot 2: %s\n{5c94e8}3.{FFFFFF} Slot 3: %s", slot1, slot2, slot3);
	            ShowPlayerDialog(playerid, DIALOG_TRUNK_DEPUNEARME, DIALOG_STYLE_LIST, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Depune","Iesi");
	        }
	        if(listitem == 2)
	        {
	            new slot1[64], slot2[64], slot3[64];
	            new armaid = GetPlayerWeapon(playerid);
	            if( armaid == 0 ) return 1;
	            new arma[64];
	            new query[256];
				new ammo = GetPlayerAmmo(playerid);
	            GetWeaponNameEx( armaid, arma, sizeof( arma ) );
				vInfo[MasinaTrunkID[playerid]][ tSlot3 ] = armaid;
				vInfo[MasinaTrunkID[playerid]][ tWeapon3Ammo ] = ammo;
				format( vInfo[MasinaTrunkID[playerid]][ tWeapon3 ], 64, arma );
	            gString[ 0 ] = ( EOS );
				format(query, sizeof(string), "UPDATE `vehicles` SET `Slot3`= '%d',`Weapon3` = '%s',`Weapon3Ammo` = '%d' WHERE `ID`='%d'", armaid, arma, ammo, MasinaTrunkID[ playerid ]);
				mysql_query(query);
				RemovePlayerWeapon(playerid, armaid);
	            if(vInfo[MasinaTrunkID[playerid]][tSlot1] == 0 ) slot1 = "Nimic";
                else if(vInfo[MasinaTrunkID[playerid]][tSlot1] != 0 )
				{
					format(slot1, sizeof(slot1), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon1], vInfo[MasinaTrunkID[playerid]][tWeapon1Ammo]);
				}
				if(vInfo[MasinaTrunkID[playerid]][tSlot2] == 0 ) slot2 = "Nimic";
			    else if(vInfo[MasinaTrunkID[playerid]][tSlot2] != 0 )
				{
					format(slot3, sizeof(slot3), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon2], vInfo[MasinaTrunkID[playerid]][tWeapon2Ammo]);
				}
				if(vInfo[MasinaTrunkID[playerid]][tSlot3] == 0 ) slot3 = "Nimic";
			    else if(vInfo[MasinaTrunkID[playerid]][tSlot3] != 0 )
				{
					format(slot3, sizeof(slot3), "%s - %d", arma, ammo );
				}
				format(gString, sizeof(gString), "{5c94e8}1.{FFFFFF} Slot 1: %s\n{5c94e8}2.{FFFFFF} Slot 2: %s\n{5c94e8}3.{FFFFFF} Slot 3: %s", slot1, slot2, slot3);
	            ShowPlayerDialog(playerid, DIALOG_TRUNK_DEPUNEARME, DIALOG_STYLE_LIST, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Depune","Iesi");
	        }
	    }
	}

	if( dialogid == DIALOG_TRUNK_SCOATEDRUG )
	{
	    if( !response ) return 1;
	    new valoarea = strval(inputtext);
	    if( vInfo[MasinaTrunkID[playerid]][tDrugs] < valoarea ) return 1;
	    if(valoarea < 0) return SendClientMessage(playerid, -1, "{5c94e8}Info:{FFFFFF} Nu poti sa extragi sume negative. * Incercare de usualy bug abuse.");
	    vInfo[MasinaTrunkID[playerid]][tDrugs] -= valoarea;
		PlayerInfo[playerid][pDrugs] += valoarea;
		new query[256];
		format(query, sizeof(string), "UPDATE `vehicles` SET `Drugs`= '%d' WHERE `ID`='%d'", vInfo[MasinaTrunkID[playerid]][tDrugs]);
		mysql_query(query);
		format(query, sizeof(string), "UPDATE `players` SET `Drugs`= '%d' WHERE `ID`='%d'",PlayerInfo[playerid][pDrugs], playerid);
		mysql_query(query);
		format( string, sizeof( string ), "{5c94e8}Info: {FFFFFF} Ai scos %d droguri.", valoarea );
	    return 1;
	}


	if( dialogid == DIALOG_TRUNK_SCOATEMATS )
	{
	    if( !response ) return 1;
	    new valoarea = strval(inputtext);
	    if( vInfo[MasinaTrunkID[playerid]][tMaterials] < valoarea ) return 1;
	    if (valoarea < 0) return SendClientMessage(playerid, -1, "{5c94e8}Info:{FFFFFF} Nu poti sa extragi sume negative. * Incercare de usualy bug abuse.");
	    vInfo[MasinaTrunkID[playerid]][tMaterials] -= valoarea;
		PlayerInfo[playerid][pMats] += valoarea;
		new query[256];
		format(query, sizeof(string), "UPDATE `vehicles` SET `Materials`= '%d' WHERE `ID`='%d'", vInfo[MasinaTrunkID[playerid]][tMaterials]);
		mysql_query(query);
		format(query, sizeof(string), "UPDATE `players` SET `Materials`= '%d' WHERE `ID`='%d'",PlayerInfo[playerid][pMats], playerid);
		mysql_query(query);
		format( string, sizeof( string ), "{5c94e8}Info: {FFFFFF} Ai scos %d materiale.", valoarea );
	    return 1;
	}
	if( dialogid == DIALOG_TRUNK_DEPUNEDRUG )
	{
	    if( !response ) return 1;
	    new valoarea = strval(inputtext);
	    if( PlayerInfo[playerid][pDrugs] < valoarea ) return 1;
	    if (valoarea < 0) return SendClientMessage(playerid, -1, "{5c94e8}Info:{FFFFFF} Nu poti sa depui sume negative. * Incercare de usualy bug abuse.");
	    vInfo[MasinaTrunkID[playerid]][tDrugs] += valoarea;
		PlayerInfo[playerid][pDrugs] -= valoarea;
		new query[256];
		format(query, sizeof(string), "UPDATE `vehicles` SET `Drugs`= '%d' WHERE `ID`='%d'", vInfo[MasinaTrunkID[playerid]][tDrugs]);
		mysql_query(query);
		format(query, sizeof(string), "UPDATE `players` SET `Drugs`= '%d' WHERE `ID`='%d'",PlayerInfo[playerid][pDrugs], playerid);
		mysql_query(query);
		format( string, sizeof( string ), "{5c94e8}Info: {FFFFFF} Ai depus %d droguri.", valoarea );
		return 1;
	}
	if( dialogid == DIALOG_TRUNK_DEPUNEMATS )
	{
	    if( !response ) return 1;
	    new valoarea = strval(inputtext);
	    if( PlayerInfo[playerid][pMats] < valoarea ) return 1;
	    if (valoarea < 0) return SendClientMessage(playerid, -1, "{5c94e8}Info:{FFFFFF} Nu poti sa depui sume negative. * Incercare de usualy bug abuse.");
	    vInfo[MasinaTrunkID[playerid]][tMaterials] += valoarea;
		PlayerInfo[playerid][pMats] -= valoarea;
		new query[256];
		format(query, sizeof(string), "UPDATE `vehicles` SET `Materials`= '%d' WHERE `ID`='%d'", vInfo[MasinaTrunkID[playerid]][tMaterials]);
		mysql_query(query);
	    format(query, sizeof(string), "UPDATE `players` SET `Materials`= '%d' WHERE `ID`='%d'",PlayerInfo[playerid][pMats], playerid);
		mysql_query(query);
		format( string, sizeof( string ), "{5c94e8}Info: {FFFFFF} Ai depus %d materiale.", valoarea );
        return 1;
	}

Imagini / Video (optional):Am vazut asta pe youtube. https://www.youtube.com/watch?v=sSdb74c_g7g
Ati incercat sa rezolvati singur?:Da, dar nu am idee, nu mi se pare nimica neobisnuit

Mie nu mi se pare nimica neobisnuit la dialogurile astea

Andrey23. · September 2, 2015

Sall.

M-am uitat si eu prin script , asa repede nu am vazut nici o vulnerabilitare.

Poate ai in alta parte vulnerabilitate in gm .

Jimmi · September 2, 2015

nu cred.Sv exista de mult si pana acuma nu a fost problema asta

Andrey23. · September 2, 2015

Da-mi si mie un pm cu gm`ul sa ma uit sa vad,

kwnx · September 3, 2015

Foloseste mysql_escape_string.

Un exemplu:

new security[24];
mysql_escape_string(inputtext, security);
format(str, sizeof(str), "UPDATE `Users` SET `NewName` = '%s' WHERE `Name` = '%s'", security, GetName(playerid));
mysql_string(sql, str);

Edited September 3, 2015 by KnowN

Punct. · September 3, 2015

Sau incearca sa pui o limita de caractere la textul introdus in acel dialog.

Din cate am inteles din videoclip, cred ca la dialogul cu depunerea materialelor e vulnerabilitatea

Jimmi · September 3, 2015

ce am pus eu mai sus e problema.De cand e /trunk a aparut invulnerabilitatea.Azi a dat copilul ala prost bani 9999999999 si admin level 8 la tot server-ul

NoNamed · September 4, 2015

ce am pus eu mai sus e problema.De cand e /trunk a aparut invulnerabilitatea.Azi a dat copilul ala prost bani 9999999999 si admin level 8 la tot server-ul

Nu te pune nimeni sa iei sistemele de pe net in loc sa incerci sa-ti faci tu unul, astea sunt consecintele . Posteaza comanda /trunk .

EquiNoxAdv · September 4, 2015

Nu cred ca este posibila chestia asta. Ori are ala parola de la phpmyadmin , ori ai tu comenzi ascunse in gamemode si nu sti , ori are parola de la contul tau. Comanda aia am analizat-o si nu are vulnerabilitate SQL. Verifica ce ti-am spus mai sus , si pune log-uri pe comenzi.

kwnx · September 4, 2015

Nu cred ca este posibila chestia asta. Ori are ala parola de la phpmyadmin , ori ai tu comenzi ascunse in gamemode si nu sti , ori are parola de la contul tau. Comanda aia am analizat-o si nu are vulnerabilitate SQL. Verifica ce ti-am spus mai sus , si pune log-uri pe comenzi.

Comenzi ascunse? Parola de la phpmyadmin? Taci ba ...

Foloseste sql-injection, de care @‌Jimmi nu are protectie.

Edited September 4, 2015 by KnowN

EquiNoxAdv · September 4, 2015

Comenzi ascunse? Parola de la phpmyadmin? Taci ba ...
Foloseste sql-injection, de care @‌Jimmi nu are protective.

KnowN , eu i-am zis ce s-ar putea sa fie , comanda aia nu este vulnerabila. Poate are alte comenzi , nu stiu , el s-a jucat pe acolo.

Edited September 4, 2015 by EquiNox

Jimmi · September 4, 2015

El da cumva bani admin tot la useri.....Cum naiba altcumva decat daca nu printr-un dialog la /trunk.

A si zis(Scoti sistemul, problema rezolvata)

kwnx · September 4, 2015

El da cumva bani admin tot la useri.....Cum naiba altcumva decat daca nu printr-un dialog la /trunk.
A si zis(Scoti sistemul, problema rezolvata)

Exact ce spuneam, SQL-Injection.

Daca totusi nu ai inteles, uite aici:

if( dialogid == DIALOG_TRUNK)
{
     if( response )
     {
         gString[ 0 ] = ( EOS );
         strcat( gString, "{5c94e8}1.{FFFFFF} Verifica portbagaj\n{5c94e8}2.{FFFFFF} Depune arme\n{5c94e8}3.{FFFFFF} Depune droguri\n{5c94e8}4.{FFFFFF} Depune materiale" );
         strcat( gString, "\n{5c94e8}5.{FFFFFF} Scoate arme\n{5c94e8}6.{FFFFFF} Scoate droguri\n{5c94e8}7.{FFFFFF} Scoate materiale\n{5c94e8}8.{FFFFFF} Inchide portbagaj" );
         ShowPlayerDialog(playerid, DIALOG_TRUNK_OPTIUNI, DIALOG_STYLE_LIST, "{5c94e8}PG-Zone:{FFFFFF} Optiuni", gString, "Alege","Iesi");
     }
}
if( dialogid == DIALOG_TRUNK_OPTIUNI)
{
     if( response )
     {
         if(listitem == 0)
         {
             gString[ 0 ] = ( EOS );
          strcat( gString, "{5c94e8}1.{FFFFFF} Verifica portbagaj\n{5c94e8}2.{FFFFFF} Depune arme\n{5c94e8}3.{FFFFFF} Depune droguri\n{5c94e8}4.{FFFFFF} Depune materiale" );
          strcat( gString, "\n{5c94e8}5.{FFFFFF} Scoate arme\n{5c94e8}6.{FFFFFF} Scoate droguri\n{5c94e8}7.{FFFFFF} Scoate materiale\n{5c94e8}8.{FFFFFF} Inchide portbagaj" );
          ShowPlayerDialog(playerid, DIALOG_TRUNK_OPTIUNI, DIALOG_STYLE_LIST, "{5c94e8}PG-Zone:{FFFFFF} Optiuni", gString, "Alege","Iesi");
         }
         if(listitem == 1)
         {
             new slot1[64], slot2[64], slot3[64];
       if(vInfo[MasinaTrunkID[playerid]][tSlot1] == 0 ) slot1 = "Nimic";
       else if(vInfo[MasinaTrunkID[playerid]][tSlot1] != 0 )
    {
     format(gString, sizeof(gString), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon1], vInfo[MasinaTrunkID[playerid]][tWeapon1Ammo]);
    }
       if(vInfo[MasinaTrunkID[playerid]][tSlot2] == 0 ) slot2 = "Nimic";
       else if(vInfo[MasinaTrunkID[playerid]][tSlot2] != 0 )
    {
     format(gString, sizeof(gString), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon2], vInfo[MasinaTrunkID[playerid]][tWeapon2Ammo]);
    }
       if(vInfo[MasinaTrunkID[playerid]][tSlot3] == 0 ) slot3 = "Nimic";
       else if(vInfo[MasinaTrunkID[playerid]][tSlot3] != 0 )
    {
     format(gString, sizeof(gString), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon3], vInfo[MasinaTrunkID[playerid]][tWeapon3Ammo]);
    }
    format(gString, sizeof(gString), "{5c94e8}1.{FFFFFF} Slot 1: %s\n{5c94e8}2.{FFFFFF} Slot 2: %s\n{5c94e8}3.{FFFFFF} Slot 3: %s", slot1, slot2, slot3);
    ShowPlayerDialog(playerid, DIALOG_TRUNK_DEPUNEARME, DIALOG_STYLE_LIST, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Depune","Iesi");
         }
         if(listitem == 2)
         {
    gString[ 0 ] = ( EOS );
    format(gString, sizeof(gString), "{5c94e8}Droguri:{FFFFFF} %d\n\nScrie mai jos cate grame de droguri vrei sa depozitezi:",vInfo[MasinaTrunkID[playerid]][tDrugs]);
             ShowPlayerDialog(playerid, DIALOG_TRUNK_DEPUNEDRUG, DIALOG_STYLE_INPUT, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Depune","Iesi");
         }
         if(listitem == 3)
         {
    gString[ 0 ] = ( EOS );
    format(gString, sizeof(gString), "{5c94e8}Materiale:{FFFFFF} %d\n\nScrie mai jos cate materiale vrei sa depozitezi:",vInfo[MasinaTrunkID[playerid]][tMaterials]);
             ShowPlayerDialog(playerid, DIALOG_TRUNK_DEPUNEMATS, DIALOG_STYLE_INPUT, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Depune","Iesi");
         }
         if(listitem == 4)
         {
             new slot1[64], slot2[64], slot3[64];
       if(vInfo[MasinaTrunkID[playerid]][tSlot1] == 0 ) slot1 = "Nimic";
       else if(vInfo[MasinaTrunkID[playerid]][tSlot1] != 0 )
    {
     format(slot1, sizeof(slot1), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon1], vInfo[MasinaTrunkID[playerid]][tWeapon1Ammo]);
    }
    if(vInfo[MasinaTrunkID[playerid]][tSlot2] == 0 ) slot2 = "Nimic";
       else if(vInfo[MasinaTrunkID[playerid]][tSlot2] != 0 )
    {
     format(slot2, sizeof(slot2), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon2], vInfo[MasinaTrunkID[playerid]][tWeapon2Ammo]);
    }
    if(vInfo[MasinaTrunkID[playerid]][tSlot3] == 0 ) slot3 = "Nimic";
       else if(vInfo[MasinaTrunkID[playerid]][tSlot3] != 0 )
    {
     format(slot3, sizeof(slot3), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon3], vInfo[MasinaTrunkID[playerid]][tWeapon3Ammo]);
    }
    format(gString, sizeof(gString), "{5c94e8}1.{FFFFFF} Slot 1: %s\n{5c94e8}2.{FFFFFF} Slot 2: %s\n{5c94e8}3.{FFFFFF} Slot 3: %s", slot1, slot2, slot3);
    ShowPlayerDialog(playerid, DIALOG_TRUNK_SCOATEARME, DIALOG_STYLE_LIST, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Extrage","Iesi");
         }
         if(listitem == 5)
         {
    gString[ 0 ] = ( EOS );
    format(gString, sizeof(gString), "{5c94e8}Droguri:{FFFFFF} %d\n\nScrie mai jos cate grame de droguri vrei sa extragi:",vInfo[MasinaTrunkID[playerid]][tDrugs]);
             ShowPlayerDialog(playerid, DIALOG_TRUNK_SCOATEDRUG, DIALOG_STYLE_INPUT, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Extrage","Iesi");
         }
         if(listitem == 6)
         {
    gString[ 0 ] = ( EOS );
    format(gString, sizeof(gString), "{5c94e8}Materials:{FFFFFF} %d\n\nScrie mai jos cate materiale vrei sa extragi:",vInfo[MasinaTrunkID[playerid]][tMaterials]);
             ShowPlayerDialog(playerid, DIALOG_TRUNK_SCOATEMATS, DIALOG_STYLE_INPUT, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Extrage","Iesi");
         }
         if(listitem == 7)
         {
    return 1;
         }
     }
}

if( dialogid == DIALOG_TRUNK_SCOATEARME )
{
     new query[256];
     if( !response ) return 1;
     if( listitem == 0 )
     {
             if( !vInfo[MasinaTrunkID[playerid]][ tSlot1 ] && !vInfo[MasinaTrunkID[playerid]][ tWeapon1Ammo ] ) return 1;
    format(query, sizeof(string), "UPDATE `vehicles` SET `Slot1`= '0',`Weapon1Ammo` = '0' WHERE `ID`='%d'", MasinaTrunkID[ playerid ]);
    mysql_query(query);
    GivePlayerWeapon( playerid,vInfo[MasinaTrunkID[playerid]][ tSlot1 ], vInfo[MasinaTrunkID[playerid]][ tWeapon1Ammo ] );
    format( vInfo[MasinaTrunkID[playerid]][ tWeapon1 ], 64, "Nimic." );
    SendClientMessage( playerid, -1, "{5c94e8}Info: {FFFFFF} Ai scos arma de pe slotul 1." );
    return 1;
     }
     if( listitem == 1 )
     {
             if( !vInfo[MasinaTrunkID[playerid]][ tSlot2 ] && !vInfo[MasinaTrunkID[playerid]][ tWeapon2Ammo ] ) return 1;
    format(query, sizeof(string), "UPDATE `vehicles` SET `Slot2`= '0',`Weapon2Ammo` = '0' WHERE `ID`='%d'", MasinaTrunkID[ playerid ]);
    mysql_query(query);
    GivePlayerWeapon( playerid,vInfo[MasinaTrunkID[playerid]][ tSlot2 ], vInfo[MasinaTrunkID[playerid]][ tWeapon2Ammo ] );
    format( vInfo[MasinaTrunkID[playerid]][ tWeapon2 ], 64, "Nimic." );
    SendClientMessage( playerid, -1, "{5c94e8}Info: {FFFFFF} Ai scos arma de pe slotul 2." );
    return 1;
     }
     if( listitem == 2 )
     {
             if( !vInfo[MasinaTrunkID[playerid]][ tSlot3 ] && !vInfo[MasinaTrunkID[playerid]][ tWeapon3Ammo ] ) return 1;
    format(query, sizeof(string), "UPDATE `vehicles` SET `Slot3`= '0',`Weapon3Ammo` = '0' WHERE `ID`='%d'", MasinaTrunkID[ playerid ]);
    mysql_query(query);
    GivePlayerWeapon( playerid,vInfo[MasinaTrunkID[playerid]][ tSlot3 ], vInfo[MasinaTrunkID[playerid]][ tWeapon3Ammo ] );
    format( vInfo[MasinaTrunkID[playerid]][ tWeapon3 ], 64, "Nimic." );
    SendClientMessage( playerid, -1, "{5c94e8}Info: {FFFFFF} Ai scos arma de pe slotul 3." );
    return 1;
     }
     return 1;
}
  if( dialogid == DIALOG_TRUNK_DEPUNEARME )
{
     if( response )
     {
         if(listitem == 0)
         {
             new slot1[64], slot2[64], slot3[64];
             new armaid = GetPlayerWeapon(playerid);
             if( armaid == 0 ) return 1;
             new arma[64];
    new ammo = GetPlayerAmmo(playerid);
             GetWeaponNameEx( armaid, arma, sizeof( arma ) );
             new query[256];
    format(query, sizeof(string), "UPDATE `vehicles` SET `Slot1`= '%d',`Weapon1` = '%s',`Weapon1Ammo` = '%d' WHERE `ID`='%d'", armaid, arma, ammo, MasinaTrunkID[ playerid ]);
    mysql_query(query);
    RemovePlayerWeapon(playerid, armaid);
    vInfo[MasinaTrunkID[playerid]][ tSlot1 ] = armaid;
    vInfo[MasinaTrunkID[playerid]][ tWeapon1Ammo ] = ammo;
    format( vInfo[MasinaTrunkID[playerid]][ tWeapon1 ], 64, arma );
    gString[ 0 ] = ( EOS );
             if(vInfo[MasinaTrunkID[playerid]][tSlot1] == 0 ) slot1 = "Nimic";
                else if(vInfo[MasinaTrunkID[playerid]][tSlot1] != 0 )
    {
     format(slot1, sizeof(slot1), "%s - %d", arma, ammo);
    }
    if(vInfo[MasinaTrunkID[playerid]][tSlot2] == 0 ) slot2 = "Nimic";
       else if(vInfo[MasinaTrunkID[playerid]][tSlot2] != 0 )
    {
     format(slot3, sizeof(slot3), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon2], vInfo[MasinaTrunkID[playerid]][tWeapon2Ammo]);
    }
    if(vInfo[MasinaTrunkID[playerid]][tSlot3] == 0 ) slot3 = "Nimic";
       else if(vInfo[MasinaTrunkID[playerid]][tSlot3] != 0 )
    {
     format(slot3, sizeof(slot3), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon3], vInfo[MasinaTrunkID[playerid]][tWeapon3Ammo]);
    }
    format(gString, sizeof(gString), "{5c94e8}1.{FFFFFF} Slot 1: %s\n{5c94e8}2.{FFFFFF} Slot 2: %s\n{5c94e8}3.{FFFFFF} Slot 3: %s", slot1, slot2, slot3);
             ShowPlayerDialog(playerid, DIALOG_TRUNK_DEPUNEARME, DIALOG_STYLE_LIST, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Depune","Iesi");
         }
         if(listitem == 1)
         {
             new slot1[64], slot2[64], slot3[64];
             new armaid = GetPlayerWeapon(playerid);
             if( armaid == 0 ) return 1;
             new arma[64];
             new query[256];
    new ammo = GetPlayerAmmo(playerid);
             GetWeaponNameEx( armaid, arma, sizeof( arma ) );
    vInfo[MasinaTrunkID[playerid]][ tSlot2 ] = armaid;
    vInfo[MasinaTrunkID[playerid]][ tWeapon2Ammo ] = ammo;
    format( vInfo[MasinaTrunkID[playerid]][ tWeapon2 ], 64, arma );
             gString[ 0 ] = ( EOS );
             format(query, sizeof(string), "UPDATE `vehicles` SET `Slot2`= '%d',`Weapon2` = '%s',`Weapon2Ammo` = '%d' WHERE `ID`='%d'", armaid, arma, ammo, MasinaTrunkID[ playerid ]);
    mysql_query(query);
    RemovePlayerWeapon(playerid, armaid);
             if(vInfo[MasinaTrunkID[playerid]][tSlot1] == 0 ) slot1 = "Nimic";
                else if(vInfo[MasinaTrunkID[playerid]][tSlot1] != 0 )
    {
     format(slot1, sizeof(slot1), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon1], vInfo[MasinaTrunkID[playerid]][tWeapon1Ammo]);
    }
    if(vInfo[MasinaTrunkID[playerid]][tSlot2] == 0 ) slot2 = "Nimic";
       else if(vInfo[MasinaTrunkID[playerid]][tSlot2] != 0 )
    {
     format(slot3, sizeof(slot3), "%s - %d", arma, ammo );
    }
    if(vInfo[MasinaTrunkID[playerid]][tSlot3] == 0 ) slot3 = "Nimic";
       else if(vInfo[MasinaTrunkID[playerid]][tSlot3] != 0 )
    {
     format(slot3, sizeof(slot3), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon3], vInfo[MasinaTrunkID[playerid]][tWeapon3Ammo]);
    }
    format(gString, sizeof(gString), "{5c94e8}1.{FFFFFF} Slot 1: %s\n{5c94e8}2.{FFFFFF} Slot 2: %s\n{5c94e8}3.{FFFFFF} Slot 3: %s", slot1, slot2, slot3);
             ShowPlayerDialog(playerid, DIALOG_TRUNK_DEPUNEARME, DIALOG_STYLE_LIST, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Depune","Iesi");
         }
         if(listitem == 2)
         {
             new slot1[64], slot2[64], slot3[64];
             new armaid = GetPlayerWeapon(playerid);
             if( armaid == 0 ) return 1;
             new arma[64];
             new query[256];
    new ammo = GetPlayerAmmo(playerid);
             GetWeaponNameEx( armaid, arma, sizeof( arma ) );
    vInfo[MasinaTrunkID[playerid]][ tSlot3 ] = armaid;
    vInfo[MasinaTrunkID[playerid]][ tWeapon3Ammo ] = ammo;
    format( vInfo[MasinaTrunkID[playerid]][ tWeapon3 ], 64, arma );
             gString[ 0 ] = ( EOS );
    format(query, sizeof(string), "UPDATE `vehicles` SET `Slot3`= '%d',`Weapon3` = '%s',`Weapon3Ammo` = '%d' WHERE `ID`='%d'", armaid, arma, ammo, MasinaTrunkID[ playerid ]);
    mysql_query(query);
    RemovePlayerWeapon(playerid, armaid);
             if(vInfo[MasinaTrunkID[playerid]][tSlot1] == 0 ) slot1 = "Nimic";
                else if(vInfo[MasinaTrunkID[playerid]][tSlot1] != 0 )
    {
     format(slot1, sizeof(slot1), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon1], vInfo[MasinaTrunkID[playerid]][tWeapon1Ammo]);
    }
    if(vInfo[MasinaTrunkID[playerid]][tSlot2] == 0 ) slot2 = "Nimic";
       else if(vInfo[MasinaTrunkID[playerid]][tSlot2] != 0 )
    {
     format(slot3, sizeof(slot3), "%s - %d", vInfo[MasinaTrunkID[playerid]][tWeapon2], vInfo[MasinaTrunkID[playerid]][tWeapon2Ammo]);
    }
    if(vInfo[MasinaTrunkID[playerid]][tSlot3] == 0 ) slot3 = "Nimic";
       else if(vInfo[MasinaTrunkID[playerid]][tSlot3] != 0 )
    {
     format(slot3, sizeof(slot3), "%s - %d", arma, ammo );
    }
    format(gString, sizeof(gString), "{5c94e8}1.{FFFFFF} Slot 1: %s\n{5c94e8}2.{FFFFFF} Slot 2: %s\n{5c94e8}3.{FFFFFF} Slot 3: %s", slot1, slot2, slot3);
             ShowPlayerDialog(playerid, DIALOG_TRUNK_DEPUNEARME, DIALOG_STYLE_LIST, "{5c94e8}PG-Zone:{FFFFFF} Optiuni",gString,"Depune","Iesi");
         }
     }
}
if( dialogid == DIALOG_TRUNK_SCOATEDRUG )
{
     if( !response ) return 1;
     new valoarea = strval(inputtext);
     if( vInfo[MasinaTrunkID[playerid]][tDrugs] < valoarea ) return 1;
     if(valoarea < 0) return SendClientMessage(playerid, -1, "{5c94e8}Info:{FFFFFF} Nu poti sa extragi sume negative. * Incercare de usualy bug abuse.");
     vInfo[MasinaTrunkID[playerid]][tDrugs] -= valoarea;
  PlayerInfo[playerid][pDrugs] += valoarea;
  new query[256], security, security2;
  mysql_real_escape_string(vInfo[MasinaTrunkID[playerid]][tDrugs], security);
  format(query, sizeof(string), "UPDATE `vehicles` SET `Drugs`= '%d' WHERE `ID`='%d'", security, playerid);
  mysql_query(query);
  mysql_real_escape_string(PlayerInfo[playerid][pDrugs], security2);
  format(query, sizeof(string), "UPDATE `players` SET `Drugs`= '%d' WHERE `ID`='%d'",security2, playerid);
  mysql_query(query);
  format( string, sizeof( string ), "{5c94e8}Info: {FFFFFF} Ai scos %d droguri.", valoarea );
     return 1;
}

if( dialogid == DIALOG_TRUNK_SCOATEMATS )
{
     if( !response ) return 1;
     new valoarea = strval(inputtext);
     if( vInfo[MasinaTrunkID[playerid]][tMaterials] < valoarea ) return 1;
     if (valoarea < 0) return SendClientMessage(playerid, -1, "{5c94e8}Info:{FFFFFF} Nu poti sa extragi sume negative. * Incercare de usualy bug abuse.");
     vInfo[MasinaTrunkID[playerid]][tMaterials] -= valoarea;
  PlayerInfo[playerid][pMats] += valoarea;
  new query[256], security, security2;
  mysql_real_escape_string(vInfo[MasinaTrunkID[playerid]][tMaterials], security);
  format(query, sizeof(string), "UPDATE `vehicles` SET `Materials`= '%d' WHERE `ID`='%d'", security, playerid);
  mysql_query(query);
  mysql_real_escape_string(PlayerInfo[playerid][pMats], security2);
  format(query, sizeof(string), "UPDATE `players` SET `Materials`= '%d' WHERE `ID`='%d'", security2, playerid);
  mysql_query(query);
  format( string, sizeof( string ), "{5c94e8}Info: {FFFFFF} Ai scos %d materiale.", valoarea );
     return 1;
}
if( dialogid == DIALOG_TRUNK_DEPUNEDRUG )
{
     if( !response ) return 1;
     new valoarea = strval(inputtext);
     if( PlayerInfo[playerid][pDrugs] < valoarea ) return 1;
     if (valoarea < 0) return SendClientMessage(playerid, -1, "{5c94e8}Info:{FFFFFF} Nu poti sa depui sume negative. * Incercare de usualy bug abuse.");
     vInfo[MasinaTrunkID[playerid]][tDrugs] += valoarea;
  PlayerInfo[playerid][pDrugs] -= valoarea;
  new query[256], security, security2;
  mysql_real_escape_string(vInfo[MasinaTrunkID[playerid]][tDrugs], security);
  format(query, sizeof(string), "UPDATE `vehicles` SET `Drugs`= '%d' WHERE `ID`='%d'", security);
  mysql_query(query);
  mysql_real_escape_string(PlayerInfo[playerid][pDrugs], security2);
  format(query, sizeof(string), "UPDATE `players` SET `Drugs`= '%d' WHERE `ID`='%d'",security2, playerid);
  mysql_query(query);
  format( string, sizeof( string ), "{5c94e8}Info: {FFFFFF} Ai depus %d droguri.", valoarea );
  return 1;
}
if( dialogid == DIALOG_TRUNK_DEPUNEMATS )
{
     if( !response ) return 1;
     new valoarea = strval(inputtext);
     if( PlayerInfo[playerid][pMats] < valoarea ) return 1;
     if (valoarea < 0) return SendClientMessage(playerid, -1, "{5c94e8}Info:{FFFFFF} Nu poti sa depui sume negative. * Incercare de usualy bug abuse.");
     vInfo[MasinaTrunkID[playerid]][tMaterials] += valoarea;
  PlayerInfo[playerid][pMats] -= valoarea;
  new query[256], security, security2;
  mysql_real_escape_string(vInfo[MasinaTrunkID[playerid]][tMaterials], security);
  format(query, sizeof(string), "UPDATE `vehicles` SET `Materials`= '%d' WHERE `ID`='%d'", security, playerid);
  mysql_query(query);
  mysql_real_escape_string(PlayerInfo[playerid][pMats], security2);
     format(query, sizeof(string), "UPDATE `players` SET `Materials`= '%d' WHERE `ID`='%d'",security2, playerid);
  mysql_query(query);
  format( string, sizeof( string ), "{5c94e8}Info: {FFFFFF} Ai depus %d materiale.", valoarea );
        return 1;
}

Edited September 4, 2015 by KnowN

VeLo · September 4, 2015

Este gm KRONIX.

kwnx · September 4, 2015

Este gm KRONIX.

Nu ai tu treaba ce si cum este.

Jimmi · September 4, 2015

Multumesc KnowN.Imi da erori:de argumentul 2...Intelegi tu.Daca modific in security[50] si security2[50] nu mai da erori.Are ceva?

Sign In

Mysql sqli injection

Question

Link to comment

Share on other sites

15 answers to this question

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Similar Content

Recently Browsing 0 members

Important Information