@konfuzius, this wont work on online servers, because, almost all of them have the login system rewriten.
Why doesnt this work on online servers more exactly ? Because:
So, his exploit is about:
And this:
All happening at screen - settings mode settings.
The second "exploit" is about the groups, where, i did not exactly understand what he meant to do there, using:
@steffengy, what exactly did you say you're doing with this ?
Why doesnt this work on online servers more exactly ? Because:
PHP Code:
loc_4022EE: ldstr "+Fetching session..."
loc_4022F3: call WriteLine
loc_4022F8: nop
loc_4022F9: ldloc.1
loc_4022FA: ldstr "index.php?action=login"
loc_4022FF: call Concat
loc_402304: ldstr "user="
loc_402309: ldloc.2
loc_40230A: ldstr "&clear=true&password="
So, his exploit is about:
PHP Code:
loc_40247D: ldstr "5,`password`='"
loc_402482: stelem.ref
loc_402483: ldloc.s 31
loc_402485: ldc.i4.1
loc_402486: ldloc.s 6
loc_402488: call getMd5Hash
loc_40248D: stelem.ref
loc_40248E: ldloc.s 31
loc_402490: ldc.i4.2
loc_402491: ldstr "' WHERE `username`='"
PHP Code:
loc_4023DF: ldstr "&screen=settings&mode=settings"
The second "exploit" is about the groups, where, i did not exactly understand what he meant to do there, using:
PHP Code:
groups.php?village=ID&mode=village&action=update
@steffengy, what exactly did you say you're doing with this ?