Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]

AWA · Sep 22, 2014

I am an butt, but at least I'm honest.

This exploit is one I've fixed, I posted the cause in an earlier post, but you can fix it by changing the runFastQuery to:

Code:

queryreactor3.setQuery("UPDATE bots SET automatic_chat = @autochat, speaking_interval = @[I][B][URL="http://forum.ragezone.com/members/791041.html"]inter[/URL][/B][/I]val, mix_phrases = @[I][B][URL="http://forum.ragezone.com/members/1333445824.html"]mix[/URL][/B][/I]_phrases WHERE id = @[I][B][URL="http://forum.ragezone.com/members/780131.html"]bot[/URL][/B][/I]id");


queryreactor3.addParameter("autochat", text2);
queryreactor3.addParameter("interval", Convert.ToInt32(value));
queryreactor3.addParameter("mix_phrases", text3);
queryreactor3.addParameter("botid", num);
queryreactor3.runQuery();

:congrats: GJ on the fix! The original was both unparamized and decompiled code, real quality!

Jonteh · Sep 22, 2014

AWA said:
:congrats: GJ on the fix! The original was both unparamized and decompiled code, real quality!

Prime example of why I hate using Plus Emulator and it's edits - however I was pushed to it by the hotels I develop for as my Butterfly R63B was "taking too long".

TardisHotel · Sep 22, 2014

Eduarpack said:
And yet here you are, using his work for free... What a hypocrite!

If you can fix this holes/exploits/clean it up/etc... Then do it, but don't bash this guy's work, specially when you're using his work.

1. He never bashed this guys work he had to fix the exploit as Tardis was exploited and we found out the hard way it had this exploit
2. Jonteh was posting the fix so no one else went through this
3. stop sitting on rz going on at peoples posts like this when all he was doing was helping and pointing out A FACT
4. The rest of you should run the fix like NOW so this doesn't happen to you.

smatch · Sep 23, 2014

Hi ;-)

Image of group in profile of user, not appears.
How to fix it?

7eQjstx - Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC] - RaGEZONE Forums

Thanks brothers!

Eduarpack · Sep 23, 2014

TardisHotel said:
1. He never bashed this guys work he had to fix the exploit as Tardis was exploited and we found out the hard way it had this exploit
2. Jonteh was posting the fix so no one else went through this
3. stop sitting on rz going on at peoples posts like this when all he was doing was helping and pointing out A FACT
4. The rest of you should run the fix like NOW so this doesn't happen to you.

I'm not sure what you're trying to achieve with this, but we already discussed and moved on.

Jonteh · Sep 23, 2014

Eduarpack said:
I'm not sure what you're trying to achieve with this, but we already discussed and moved on.

You clearly haven't moved on if you feel the need to comment. Please, stop sending alerts to my phone its making my balls itch

Liam · Sep 23, 2014

Zedd said:
happening when using your exploit "fix, @Jonteh

Oh jesus, learn to apply patches, if you can't even do that don't own a hotel..

Cheers for the patch Jonty. Appreciated! :fanny:

For anyone who had the same problem as me when applying Jonty's patch, try this:

Code:

 queryreactor3.setQuery("UPDATE bots SET automatic_chat = @autochat, speaking_interval = [USER=791041]inter[/USER]val, mix_phrases = [USER=1333445824]mix[/USER]_phrases WHERE id = [USER=780131]bot[/USER]id");


                                {
                                    queryreactor3.addParameter("autochat", text2);
                                    queryreactor3.addParameter("interval", Convert.ToInt32(value));
                                    queryreactor3.addParameter("mix_phrases", text3);
                                    queryreactor3.addParameter("botid", num);
                                    queryreactor3.runQuery();
                                }

Tested and works.

Jonteh · Sep 23, 2014

Reverb said:

Oh jesus, learn to apply patches, if you can't even do that don't own a hotel..

Cheers for the patch Jonty. Appreciated! :fanny:

For anyone who had the same problem as me when applying Jonty's patch, try this:

Code:

 queryreactor3.setQuery("UPDATE bots SET automatic_chat = @autochat, speaking_interval = @[I][B][URL="http://forum.ragezone.com/members/791041.html"]inter[/URL][/B][/I]val, mix_phrases = @[I][B][URL="http://forum.ragezone.com/members/1333445824.html"]mix[/URL][/B][/I]_phrases WHERE id = @[I][B][URL="http://forum.ragezone.com/members/780131.html"]bot[/URL][/B][/I]id");


                                {
                                    queryreactor3.addParameter("autochat", text2);
                                    queryreactor3.addParameter("interval", Convert.ToInt32(value));
                                    queryreactor3.addParameter("mix_phrases", text3);
                                    queryreactor3.addParameter("botid", num);
                                    queryreactor3.runQuery();
                                }

Tested and works.

You're very welcome Heisenberg. I'll be posting more as I find them.

Zedd · Sep 23, 2014

Com'on Jonteh, how do you get it working? Never been good at C# because I have always used Phoenix earlier, and that was developed by Aaron.

Jonteh · Sep 23, 2014

Zedd said:
Com'on @Jonteh, how do you get it working? Never been good at C# because I have always used Phoenix earlier, and that was developed by Aaron.

That's not my problem. Can't work it out? Don't use it.

donszeh · Sep 23, 2014

Well Jonteh you're fix didn't work. Apply'd it good, and the little witch 'awa' still make's himself admin and dropped my user table.

Jonteh · Sep 23, 2014

donszeh said:
Well @Jonteh you're fix didn't work. Apply'd it good, and the little witch 'awa' still make's himself admin and dropped my user table.

It does work, you probably did it wrong mate. It's verified patched on Tardis.

Bullies · Sep 23, 2014

Jonteh said:
You're very welcome Heisenberg. I'll be posting more as I find them.

Would be nice if you could say where we can find the "runFastquery" for the people who are still starters when it comes to editing emulators..

Jonteh · Sep 23, 2014

Bullies said:
Would be nice if you could say where we can find the "runFastquery" for the people who are still starters when it comes to editing emulators..

I did a few posts back. I pasted the original query. You could just search for that string

Bullies · Sep 23, 2014

Jonteh said:
I did a few posts back. I pasted the original query. You could just search for that string

Yes, but in which file, haha!

akajsmoove · Sep 23, 2014

Thanks for the help Jonteh.

Jonteh · Sep 23, 2014

Bullies said:
Yes, but in which file, haha!

Search the entire project for the run fast query and its contents. Its the packet handler for updating bot speech though

Bullies · Sep 23, 2014

Jonteh said:
Search the entire project for the run fast query and its contents. Its the packet handler for updating bot speech though

Thanks for fixing and helping the community mate.

Jonteh · Sep 23, 2014

Another exploit found, thanks to AWA:

Find:

Code:

internal void ChangeName()

Replace that void with:

Code:

internal void ChangeName()
		{
			string text = this.Request.PopFixedString();
			string username = this.Session.GetHabbo().Username;


			checked
			{
				using (IQueryAdapter queryreactor = MercuryEnvironment.GetDatabaseManager().getQueryreactor())
				{
					queryreactor.setQuery("SELECT username FROM users WHERE username=@name LIMIT 1");
					queryreactor.addParameter("name", text);
					string [USER=560981]String[/USER] = queryreactor.getString();


					if (string.IsNullOrWhiteSpace [USER=560981]String[/USER]) || username.ToLower() == text.ToLower())
					{
                        queryreactor.setQuery("UPDATE rooms SET owner = [USER=571372]newo[/USER]wner WHERE owner = [USER=1333464006]old[/USER]owner");
                        queryreactor.addParameter("newowner", text);
                        queryreactor.addParameter("oldowner", Session.GetHabbo().Username);
                        queryreactor.runQuery();


                        queryreactor.setQuery("UPDATE users SET username = [USER=376652]newname[/USER], last_name_change = [USER=1333424529]timestamp[/USER] WHERE id = [USER=1335]user[/USER]id");
                        queryreactor.addParameter("newname", text);
                        queryreactor.addParameter("timestamp", MercuryEnvironment.GetUnixTimestamp() + 43200);
                        queryreactor.addParameter("userid", Session.GetHabbo().Username);
                        queryreactor.runQuery();


						this.Session.GetHabbo().LastChange = MercuryEnvironment.GetUnixTimestamp() + 43200;
						this.Session.GetHabbo().Username = text;
						this.Response.Init(Outgoing.UpdateUserNameMessageComposer);
						this.Response.AppendInt32(0);
						this.Response.AppendString(text);
						this.Response.AppendInt32(0);
						this.SendResponse();
						this.Response.Init(Outgoing.UpdateUserDataMessageComposer);
						this.Response.AppendInt32(-1);
						this.Response.AppendString(this.Session.GetHabbo().Look);
						this.Response.AppendString(this.Session.GetHabbo().Gender.ToLower());
						this.Response.AppendString(this.Session.GetHabbo().Motto);
						this.Response.AppendInt32(this.Session.GetHabbo().AchievementPoints);
						this.SendResponse();
						this.Session.GetHabbo().CurrentRoom.GetRoomUserManager().UpdateUser(username, text);
						if (this.Session.GetHabbo().CurrentRoom != null)
						{
							this.Response.Init(Outgoing.UserUpdateNameInRoomMessageComposer);
							this.Response.AppendUInt(this.Session.GetHabbo().Id);
							this.Response.AppendUInt(this.Session.GetHabbo().CurrentRoom.RoomId);
							this.Response.AppendString(text);
						}
						foreach (RoomData current in this.Session.GetHabbo().UsersRooms)
						{
							current.Owner = text;
							current.SerializeRoomData(this.Response, false, this.Session, true);
							Room room = MercuryEnvironment.GetGame().GetRoomManager().GetRoom(current.Id);
							if (room != null)
							{
								room.Owner = text;
							}
						}
						foreach (MessengerBuddy current2 in this.Session.GetHabbo().GetMessenger().friends.Values)
						{
							if (current2.client != null)
							{
								foreach (MessengerBuddy current3 in current2.client.GetHabbo().GetMessenger().friends.Values)
								{
									if (current3.mUsername == username)
									{
										current3.mUsername = text;
										current3.Serialize(this.Response, current2.client);
									}
								}
							}
						}
					}
				}
			}
		}

Twan · Sep 23, 2014

Reverb said:

Oh jesus, learn to apply patches, if you can't even do that don't own a hotel..

Cheers for the patch Jonty. Appreciated! :fanny:

For anyone who had the same problem as me when applying Jonty's patch, try this:

Code:

 queryreactor3.setQuery("UPDATE bots SET automatic_chat = @autochat, speaking_interval = [USER=791041]inter[/USER]val, mix_phrases = [USER=1333445824]mix[/USER]_phrases WHERE id = [USER=780131]bot[/USER]id");


                                {
                                    queryreactor3.addParameter("autochat", text2);
                                    queryreactor3.addParameter("interval", Convert.ToInt32(value));
                                    queryreactor3.addParameter("mix_phrases", text3);
                                    queryreactor3.addParameter("botid", num);
                                    queryreactor3.runQuery();
                                }

Tested and works.

Cant find it

Welcome!

Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]

Master Summoner

:joy:

Elite Diviner

Newbie Spellweaver

Attachments

Newbie Spellweaver

:joy:

Gamma Spamma

Attachments

:joy:

Experienced Elementalist

:joy:

Skilled Illusionist

:joy:

Junior Spellweaver

:joy:

Junior Spellweaver

Newbie Spellweaver

:joy:

Junior Spellweaver

:joy:

Custom Title Activated

About Us

Online statistics

Forum statistics

RaGEZONE Sponsor