• Unfortunately, we have experienced significant hard drive damage that requires urgent maintenance and rebuilding. The forum will be a state of read only until we install our new drives and rebuild all the configurations needed. Please follow our Facebook page for updates, we will be back up shortly! (The forum could go offline at any given time due to the nature of the failed drives whilst awaiting the upgrades.) When you see an Incapsula error, you know we are in the process of migration.

[Tutorial] Fix for Habboon DB (exploit)

D

David Redziniak

Newbie Spellweaver
Joined
Feb 7, 2013
Messages
44
Reaction score
3
This isn't much an exploit, but it's something that should be configured and not left sitting there.
This is just an attempt to help the community using Sledmore's DB release.
So, what I've witnessed is that the catalog can be exploited into viewing staff catalog pages, this is because the rank is not properly configured in the database. Some pages in the staff catalog of the DB is on rank 1(user), which should be changed to the rank of the catalog, to prevent unauthorized access. Again, something that should be configured for the protection of your hotel. Thank you.
 
The Best DDoS Protected Servers
Cankiee

Cankiee

HabboFont.net
500 Posts 10 Happy Years
Joined
May 13, 2013
Messages
968
Reaction score
240
I understand what you have said, but how is someone even able to view pages that are under a catagory that is higher then his rank?
Impossible? Or can we see Habbo.com Staff catalog ?:junglejane:
 
You must log in or register to reply here.

About Us

RaGEZONE® is a website dedicated to the development of massively multiplayer online role-playing games (MMORPGs).

Online statistics

Members online
147
Guests online
11,204
Total visitors
11,351
Totals may include hidden visitors.

Forum statistics

Threads
429,198
Messages
4,590,912
Members
281,305
Latest member
ismodev
Most visitors online was 12720 , on 2 May 2024

RaGEZONE Sponsor

    HyperFilter
Back
Top