[Plus Emulator] Bot Speech Exploit Fix

Results 1 to 9 of 9
  1. #1
    Newbie Verted is offline
    MemberRank
    Nov 2017 Join Date
    4Posts

    [Plus Emulator] Bot Speech Exploit Fix

    Hi RaGEZONE,
    I recently came across an "exploit" that allows users to bypass the bad HTML filter on bot speech setup.
    Normally for example <font size="200"> and </font> would be blocked, but by simply using <FONT SIZE="200"> and </FONT> in capitals, you can bypass the filter. I also believe you can work around it with other variations too like "FoNT" or "fOnT" - but I do not remember. 200 is not the font size limit, you can make it go much higher and take up the whole screen. I have not tested this with alot of other HTML, but I'm sure this could be used to do much more malicious things.

    It is shown here:
    https://image.prntscr.com/image/ZJLYy7V7QX_h5oRX5iIuhg.png





    Here's the fix which completely removes any form of string upon saving bot speeches.

    Go to SaveBotActionEvent.cs and find:
    Code:
    for (int i = 0; i <= SpeechData.Length - 1; i++)
                            {                             using (IQueryAdapter dbClient = DatabaseManager.GetQueryReactor())


    Replace that with:

    Code:
    for (int i = 0; i <= SpeechData.Length - 1; i++)                        {
                                SpeechData[i] = Regex.Replace(SpeechData[i], "<(.|\\n)*?>", string.Empty);
                                using (IQueryAdapter dbClient = DatabaseManager.GetQueryReactor())
    Happy days.


  2. #2
    Time is just an Illusion! streamhotel is offline
    True MemberRank
    Apr 2012 Join Date
    EarthLocation
    543Posts

    Re: [Plus Emulator] Bot Speech Exploit Fix

    This is old news. Already fixed clientside I thought. Which Habbo.swf revision you were using?

  3. #3
    Deep thoughts [Plus Emulator] Bot Speech Exploit Fix Joopie is offline
    Alpha MaleRank
    Jun 2010 Join Date
    The NetherlandsLocation
    2,648Posts

    Re: [Plus Emulator] Bot Speech Exploit Fix

    Quote Originally Posted by streamhotel View Post
    This is old news. Already fixed clientside I thought. Which Habbo.swf revision you were using?
    Fixing it serverside is always better than let the client handle stuff like this. It's oke as a first measurement against invalid input, but the server should always do it too!

  4. #4
    Newbie Verted is offline
    MemberRank
    Nov 2017 Join Date
    4Posts

    Re: [Plus Emulator] Bot Speech Exploit Fix

    Quote Originally Posted by streamhotel View Post
    This is old news. Already fixed clientside I thought. Which Habbo.swf revision you were using?
    Plus Revision 2, not sure which production though. Can check this later if I can be fucked.

    Quote Originally Posted by Joopie View Post
    Fixing it serverside is always better than let the client handle stuff like this. It's oke as a first measurement against invalid input, but the server should always do it too!
    True.

  5. #5
    Death from above! The General is offline
    DeveloperRank
    Aug 2011 Join Date
    9,195Posts

    Re: [Plus Emulator] Bot Speech Exploit Fix

    Ever since bots were released this has been a issue on most emulators.
    If you are using Arcturus, contact me
    Discord: TheGeneral#0063
    Join the Arcturus Discord server: https://discord.gg/eDr7FKQ

  6. #6
    Newbie Verted is offline
    MemberRank
    Nov 2017 Join Date
    4Posts

    Re: [Plus Emulator] Bot Speech Exploit Fix

    Quote Originally Posted by The General View Post
    Ever since bots were released this has been a issue on most emulators.
    No longer

  7. #7
    Ultimate Member Oliveri is offline
    MemberRank
    Sep 2013 Join Date
    153Posts

    Re: [Plus Emulator] Bot Speech Exploit Fix

    Quote Originally Posted by Verted View Post
    No longer
    Honestly, yes it is. You can still bypass the "protection" one way or another. Like in *rcturus it would be fixed with a simple while loop, but no one cares.

  8. #8
    Registered DinamicUser is offline
    MemberRank
    Dec 2013 Join Date
    ItalyLocation
    19Posts

    Re: [Plus Emulator] Bot Speech Exploit Fix

    I've tested this bug on Plus Emulator R2 by Sledmore and it are affect.

    EDIT: Thank you for this fix.
    Last edited by DinamicUser; 03-12-17 at 01:21 PM.

  9. #9
    Gaby is offline
    SubscriberRank
    Apr 2013 Join Date
    Viva HollandiaLocation
    1,558Posts

    Re: [Plus Emulator] Bot Speech Exploit Fix





Advertisement