[OSWO]

You want your plugin to become Malicious? You want anyone to gain access over everything? SQL server firewall'ed? No Problem! Introducing all new!

So what this kinda shows is how a CS:GO server can be used as a VPN into a SQL server. Some SQL servers have a firewall to only allow inbound connections from a cs:go server, but this show you how to manipulate it.

So - at the end of the day - be very aware of who and what you give users to in your servers. There could theoretically a way to actually leave the confinement of the CS:GO server and access the whole VPS / Dedi entirely, but I haven't got up to that yet : ^)

Note: PrintToConsole has a limit on how much it can print, I could have it push to a stack and print a few at a time until it's all printed, but you can figure that one out : ^)

Some notable commands:

Code:

sm_test "example" "show tables;"
sm_test "example" "desc a_table_name;"
sm_test "example" "INSERT INTO exampe_example VALUES ('STEAM_1:1:1111', 100, 0.1, 'more text');"

PHP Code:

public Action command_test(int I_Client, int I_Args) {
    char C_Server[64], C_Statement[512], C_Error[512];

    GetCmdArg(1, C_Server, sizeof(C_Server));
    GetCmdArg(2, C_Statement, sizeof(C_Statement));

    Database New = SQL_Connect(C_Server, true, C_Error, sizeof(C_Error));

    if (New != INVALID_HANDLE) {
        PrintToChat(I_Client, "Connection To %s Successful", C_Server);

        SQL_TQuery(New, sqlTest, C_Statement, GetClientUserId(I_Client), DBPrio_High);
        PrintToChat(I_Client, "Executing: %s", C_Statement);
    } else {
        PrintToChat(I_Client, "Error: %s", C_Error);
    }

    return Plugin_Handled;
}

public void sqlTest(Handle owner, Handle hndl, char[] error, int I_UserID) {
    char C_buffer[512], C_String[512], C_FieldName[64];
    int I_Client = GetClientOfUserId(I_UserID);

    if (IsClientInGame(I_Client)) {
        if (hndl != INVALID_HANDLE) {
            PrintToChat(I_Client, "Executed");

            if (SQL_GetRowCount(hndl) > 0) {
                int I_Fields = SQL_GetFieldCount(hndl);

                for (int i = 0; i < I_Fields; i++) {
                    SQL_FieldNumToName(hndl, i, C_FieldName, sizeof(C_FieldName));
                    Format(C_buffer, sizeof(C_buffer), "%s%s: ", C_buffer, C_FieldName);
                }

                PrintToConsole(I_Client, C_buffer);
                Format(C_buffer, sizeof(C_buffer), "");

                while (SQL_FetchRow(hndl)) {
                    for (int i = 0; i < I_Fields; i++) {
                        SQL_FetchString(hndl, i, C_String, sizeof(C_String));
                        Format(C_buffer, sizeof(C_buffer), "%s%s, ", C_buffer, C_String);
                    }

                    PrintToConsole(I_Client, C_buffer);
                    Format(C_buffer, sizeof(C_buffer), "");
                }
            }
        } else {
            PrintToChat(I_Client, error);
        }
    }
} 


Example Taken From TangoTimer:

Spoiler

[headline]

aka How to print an entire database to console

What are you trying to say? That if you have access you can write a plugin to print contents of a database? lol I must be missing something

[Neuro Toxin]

Using a proper sql client is much better

[OSWO]

Quote:

Originally Posted by Neuro Toxin Using a proper sql client is much better

Quote:

Originally Posted by OSWO Many SQL servers have a firewall to only allow inbound connections from a cs:go server, but this show you how to manipulate it.

You are definitely lacking security if you allow people with SQL clients to freely connect to the SQL database. Looks like I'll have to to change the "Many" to "Some" cause it shows you clearly don't.

Firstly this isn't a plugin - it's to show Server Owners how allowing people access to the plugins directory but locking down the DB's is "safe" but in reality it's not. This is just a gateway for anyone to pass through any / all commands like a "SQL Client" but through the CS:GO. If you read the big portion of the text above the code you'd understand but seeing you look straight at the code and not read the information itself is your loss.

[shavit]

Quote:

Originally Posted by OSWO You are definitely lacking security if you allow people with SQL clients to freely connect to the SQL database. Looks like I'll have to to change the "Many" to "Some" cause it shows you clearly don't.

http://stackoverflow.com/questions/1...sh-private-key

http://www.heidisql.com/

[sneaK]

Quote:

Originally Posted by OSWO Firstly this isn't a plugin - it's to show Server Owners how allowing people access to the plugins directory but locking down the DB's is "safe" but in reality it's not.

If anyone has ever thought this was "safe" in the first place, they need to re-evaluate their own common sense and securities.

If you take a look over at the Lysis thread, there's some funny examples of database information being dumped, rcon passwords, etc.

[Neuro Toxin]

Quote:

Originally Posted by OSWO You are definitely lacking security if you allow people with SQL clients to freely connect to the SQL database. Looks like I'll have to to change the "Many" to "Some" cause it shows you clearly don't.

I honestly dont understand a word your saying. It's all jibberish.

I figure u dont even know what injection is. I figure u make users with full permissions and dont understand permissions properly. A combination of both means I'll drop your entire schema.

I have an entire mysql cluster open to the public for my token and paintkit systems. I use permissions to control what these clients can do and have access to.

Moral is. Setup permissions and dont write injection vulnerable code.

Edit: If you can find my cluster and make a login, try do something naughty. The best u can do is leave me a message in a table row that will cost you .5AUD

I've had a few ppl do such for lols. They are now steam friends.

[OSWO]

Yawn.

[Neuro Toxin]

Fully. I'll just stfu :-)