The Hacker's Guide to the Kingdom - The Book of Boozerbear

Author: Boozerbear

Chapter Five
(the Clan Store)

The Clan Store hack was one of the easiest to find and probably the most widespread of the exploits that still existed when I began my KoL hacking journey. Certainly all of the top clans were using it. To understand how it worked, let's take a look at the HTML form that comprised the front-end for the clan shop interface:

<b>Buy Stuff with Clan Funds:</b><p>
<form name=buyround action=clan_stash.php method=post>
<input type=hidden name=action value="buyround">
<b>Items:</b><select name=whichitem>
<option value=41>ice-cold beer (448 Meat)</option>
<option value=180>ice-cold fotie (448 Meat)</option>
<option value=233>Doc Galaktik's Restorative Balm (900 Meat)</option>
<option value=234>Doc Galaktik's Homeopathic Elixir (1200 Meat)</option>
<option value=15>Strongness elixir (900 Meat)</option>
<option value=277>Extra-Strength Strongness Elixir (4200 Meat)</option>
<option value=271>Enchanted Barbell (3000 Meat)</option>
<option value=16>Magicalness-in-a-Can (900 Meat)</option>
<option value=278>Jug-O-Magicalness (4200 Meat)</option>
<option value=272>concentrated Magicalness pill (3000 Meat)</option>
<option value=14>Moxie weed (900 Meat)</option>
<option value=279>Suntan Lotion of Moxiousness (4200 Meat)</option>
<option value=273>giant Moxie weed (3000 Meat)</option>
<input class=button type=submit value="Buy Item for Clan Members">

Fairly straightforward- submit to clan_stash.php these variables:
$action (what function to access - always "buyround")
$whichitem (well, the itemID of the thing you want to buy)

Not much leeway for playing with $action, but hey, what happens if we change $whichitem to 453 (Sober Pill)? Well, whaddayaknow- there was no check at all to assure that what you asked for was on the list of what the store carried, and the Clan Store was happy to sell you a round of anything you cared to buy. At the time I didn't think about using it to buy one of everything in the game (I would think of it only after I turned in the hack to be fixed and cursed myself for my lack of foresight- a lack I corrected later) and thus I had a limited number of items on my new shopping list.

The script I wrote to exploit this behavior automates the process a bit, allowing you to specify up to 9999 rounds of automatic buying:

<title>KOL Klan Shop</title>
<b>KOL Klan Shop</b>

print <<<EOF
<form method="post" action="clanshop.php">
qty: <input type="text" name="x" value="$x" style="width:50px"><br>
<select name="y">
<option value="470">imp ale</option>
<option value="237">gin</option>
<option value="255">fine wine</option>
<option value="453">sober pill</option>
<option value="515">sneaky petes pie</option>
<option value="514">boris pie</option>
<option value="513">jarlsberg pie</option>
<input type="submit" name="submit" value="go >>>">

if ($submit) {
if (($x < 1) || ($x > 9999)) {$x=10;}
if (!$y) { $y = 515; }
print <<<EOF
<font color=red>
Buying $x of $y

print <<<EOF
Buy! ($y)<br>
<iframe src="$y" width="0" height="0">

} // end submit
print <<<EOF

Combined with a script I wrote to turn the Gin into Supermartinis and auto-drink and sober up, I managed within one day to level up to Level 1011, although Jick didn't let me stay there (:

Chapter Six
(the Clan Stash)

A very simple hack, I found that the Clan Stash script would allow you to stash something that couldn't be traded, thus allowing it to be traded. Even though the drop-down list didn't list the non-tradeable item, you could inject the value and there was no check to validate the incoming request. I used it to trade my (then ultra-rare) Continuum Transfuctioner to my main account and then earned my Item #13 for turning the exploit in.

Chapter Seven
(the Clan Furniture Store)