OBS new SQL injection

InVaDeR359

Active Member
May 29, 2017
160
121
72
Somebody came into my stream last night on Twitch and made my stream shut down for three times. It caused my Software to crash ( StreamLabs OBS latest version ) and got my game crashed afterwards ( Rainbow Six Siege ). I'm running Windows 10 64-bit.
I have never had this problem on any of my streams until today.
I couldn't see what he was writing in the chat but other people can
here is a random screen taken by one of my viewers of what he's actually written:
1918

Do you guys know anything about this? I think it's a new exploit in their software. But how am I the only one having this issue? How can I protect my self from this SQL injection and why the well-known streamers didn't get attacked as well?
 

kalle

high minded
Contributor
Oct 28, 2015
411
253
178
Somebody came into my stream last night on Twitch and made my stream shut down for three times. It caused my Software to crash ( StreamLabs OBS latest version ) and got my game crashed afterwards ( Rainbow Six Siege ). I'm running Windows 10 64-bit.
I have never had this problem on any of my streams until today.
I couldn't see what he was writing in the chat but other people can
here is a random screen taken by one of my viewers of what he's actually written:
View attachment 1918

Do you guys know anything about this? I think it's a new exploit in their software. But how am I the only one having this issue? How can I protect my self from this SQL injection and why the well-known streamers didn't get attacked as well?
Cant really belive that this dumb looking sql querys are reason to shut down the stream.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
dumb looking sql querys are reason to shut down the stream.
That is the funniest vulnerability in the damn world. I am sorry this happened to you but they really should secure their software better.

Code:
sql_off
select * from twitch
;

I am curious if this really works, slightly tempted to give this a try but do not want to harm anyone. What version of OBS (aside from latest) you using @InVaDeR359 I may setup my own stream to test.

Kid's name is shown here I think? https://www.instagram.com/ali.jbara97/?hl=en

Snap : alijbara
Theinfinix500, his Twitch profile is https://bit.ly/2JOzg5W

ali.jbara97

Atttttaaaaaccckkk lol xD
 
Last edited:

OvO

CipherSpeak Developer
Jan 23, 2018
34
11
46
I posted all sql commands but it dosent work what did i wrong or already fixed ? and Wtf xd
 

FarisDev

L oryh brx
Contributor
Jun 9, 2016
277
111
107
Maybe he want to make him self the unbelievable hacker, so he posted a SQL commands. And actually its not a SQL Vulnerability.
 
Top