Welcome,
Short story: When a user connects to the hotel, it sends a packet with the SWF revision (header id of "4000"). Basically, this packet changes the global variable "PlusEnvironment.SWFRevision". The global variable is shown on the ":about" (hotel information) command. A user can manipulate this string to anything they'd like; putting your users in danger of a potential URL threat.
Here's the fix
Credits for fix
Ali (me) - 100%
You're welcome.
Short story: When a user connects to the hotel, it sends a packet with the SWF revision (header id of "4000"). Basically, this packet changes the global variable "PlusEnvironment.SWFRevision". The global variable is shown on the ":about" (hotel information) command. A user can manipulate this string to anything they'd like; putting your users in danger of a potential URL threat.
Here's the fix
- Locate the file 'GetClientVersionEvent.cs' - Communication > Packets > Incoming > Handshake
- Replace the class content with the code below.
Code:
using Plus.HabboHotel.GameClients;using Plus.Communication.Packets.Incoming;
namespace Plus.Communication.Packets.Incoming.Handshake
{
public class GetClientVersionEvent : IPacketEvent
{
public void Parse(GameClient Session, ClientPacket Packet)
{
string Build = Packet.PopString();
if (!Build.ToLower().StartsWith("production"))
return;
Session.SWFRevision = Build;
}
}
}
- Locate file "GameClient.cs" - HabboHotel > GameClients
- Find "private readonly int _id;" (at top) and above it, add the code:
Code:
internal string SWFRevision { get; set; }
- Save the file.
- Locate the file "InfoCommand.cs" - HabboHotel > Rooms > Chat > Commands > User
- Search for
Code:
PlusEnvironment.SWFRevision
- Replace with
Code:
Session.SWFRevision
Credits for fix
Ali (me) - 100%
You're welcome.
Last edited: