Re: Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]
Quote: Originally Posted by Jonteh
SQL injections, about 10 different bugs that we couldn't be fucked hearing about from every user so we just rolled back and downgraded.
Okay, please tell me the bugs.
Re: Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]
Quote: Originally Posted by Jonteh
Another exploit found, thanks to AWA:
Find:
Code:
internal void ChangeName()
Replace that void with:
Code:
internal void ChangeName()
{
    // Requested new name, read from the client packet (untrusted input).
    string text = this.Request.PopFixedString();
    string username = this.Session.GetHabbo().Username;
    checked
    {
        using (IQueryAdapter queryreactor = MercuryEnvironment.GetDatabaseManager().getQueryreactor())
        {
            // Look the requested name up with a bound parameter.
            queryreactor.setQuery("SELECT username FROM users WHERE username=@name LIMIT 1");
            queryreactor.addParameter("name", text);
            string @String = queryreactor.getString();
            // Continue only if the name is unused or is the user's own name in a different case.
            if (string.IsNullOrWhiteSpace @String) || username.ToLower() == text.ToLower())
            {
                // Move room ownership over to the new name.
                queryreactor.setQuery("UPDATE rooms SET owner = @newowner WHERE owner = @oldowner");
                queryreactor.addParameter("newowner", text);
                queryreactor.addParameter("oldowner", Session.GetHabbo().Username);
                queryreactor.runQuery();
                // Rename the account; the row is selected by the session's user id.
                queryreactor.setQuery("UPDATE users SET username = @newname, last_name_change = @timestamp WHERE id = @userid");
                queryreactor.addParameter("newname", text);
                queryreactor.addParameter("timestamp", MercuryEnvironment.GetUnixTimestamp() + 43200);
                queryreactor.addParameter("userid", Session.GetHabbo().Id);
                queryreactor.runQuery();
                this.Session.GetHabbo().LastChange = MercuryEnvironment.GetUnixTimestamp() + 43200;
                this.Session.GetHabbo().Username = text;
                this.Response.Init(Outgoing.UpdateUserNameMessageComposer);
                this.Response.AppendInt32(0);
                this.Response.AppendString(text);
                this.Response.AppendInt32(0);
                this.SendResponse();
                this.Response.Init(Outgoing.UpdateUserDataMessageComposer);
                this.Response.AppendInt32(-1);
                this.Response.AppendString(this.Session.GetHabbo().Look);
                this.Response.AppendString(this.Session.GetHabbo().Gender.ToLower());
                this.Response.AppendString(this.Session.GetHabbo().Motto);
                this.Response.AppendInt32(this.Session.GetHabbo().AchievementPoints);
                this.SendResponse();
                // Only touch the current room if the user is actually in one.
                if (this.Session.GetHabbo().CurrentRoom != null)
                {
                    this.Session.GetHabbo().CurrentRoom.GetRoomUserManager().UpdateUser(username, text);
                    this.Response.Init(Outgoing.UserUpdateNameInRoomMessageComposer);
                    this.Response.AppendUInt(this.Session.GetHabbo().Id);
                    this.Response.AppendUInt(this.Session.GetHabbo().CurrentRoom.RoomId);
                    this.Response.AppendString(text);
                }
                // Update the cached owner name on every room the user owns.
                foreach (RoomData current in this.Session.GetHabbo().UsersRooms)
                {
                    current.Owner = text;
                    current.SerializeRoomData(this.Response, false, this.Session, true);
                    Room room = MercuryEnvironment.GetGame().GetRoomManager().GetRoom(current.Id);
                    if (room != null)
                    {
                        room.Owner = text;
                    }
                }
                // Update the name shown in the friend lists of online friends.
                foreach (MessengerBuddy current2 in this.Session.GetHabbo().GetMessenger().friends.Values)
                {
                    if (current2.client != null)
                    {
                        foreach (MessengerBuddy current3 in current2.client.GetHabbo().GetMessenger().friends.Values)
                        {
                            if (current3.mUsername == username)
                            {
                                current3.mUsername = text;
                                current3.Serialize(this.Response, current2.client);
                            }
                        }
                    }
                }
            }
        }
    }
}
What is this exploit? What did people do?
Re: Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]
Quote: Originally Posted by smatch
What is this exploit? What did people do?
Able to rank themselves up as owner and more.
Re: Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]
Quote: Originally Posted by akajsmoove
Able to rank themselves up as owner and more.
Thanks.
http://i.imgur.com/jjAmisL.png
I'm having trouble with this error.
This line:
Quote:
if (string.IsNullOrWhiteSpace @String) || username.ToLower() == text.ToLower())
Re: Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]
Quote: Originally Posted by smatch
Replace
Code:
if (string.IsNullOrWhiteSpace @String) || username.ToLower() == text.ToLower())
With this
Code:
if (string.IsNullOrWhiteSpace (@String) || username.ToLower() == text.ToLower())
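The two database steps of the replacement handler (a name lookup with a bound parameter, then updates applied only when the name is free or is the user's own name in a different case), re-expressed against an in-memory SQLite database. This is an added example, not code from the thread or from Mercury: the schema, the sample rows and the `make_sample_db` / `change_name` names are constructed, and `COLLATE NOCASE` is an assumption about how the emulator's database compares usernames.

```python
import sqlite3

def make_sample_db():
    """Constructed sample data: two users who each own one room."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT COLLATE NOCASE,
                            rank INTEGER, last_name_change INTEGER);
        CREATE TABLE rooms (id INTEGER PRIMARY KEY, owner TEXT);
        INSERT INTO users VALUES (1, 'Admin', 7, 0), (2, 'guest', 1, 0);
        INSERT INTO rooms VALUES (10, 'Admin'), (20, 'guest');
    """)
    return db

def change_name(db, user_id, new_name, now):
    """Rename user_id; return True if applied, False if the name is taken."""
    current = db.execute("SELECT username FROM users WHERE id = ?",
                         (user_id,)).fetchone()[0]
    # Bound parameter: new_name is compared as data, never parsed as SQL.
    taken = db.execute("SELECT username FROM users WHERE username = ? LIMIT 1",
                       (new_name,)).fetchone()
    # Same rule as the handler: free name, or a case-only change of your own name.
    if taken is not None and current.lower() != new_name.lower():
        return False
    with db:  # both updates commit together or not at all
        db.execute("UPDATE rooms SET owner = ? WHERE owner = ?", (new_name, current))
        # The account row is selected by id, not by the name being replaced.
        db.execute("UPDATE users SET username = ?, last_name_change = ? WHERE id = ?",
                   (new_name, now + 43200, user_id))
    return True
```

A request for another account's name is refused even when only the letter case differs, and a name containing quote characters is stored as plain text without touching any other column.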
Re: Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]
Quote: Originally Posted by Alex Be
Replace
Code:
if (string.IsNullOrWhiteSpace @String) || username.ToLower() == text.ToLower())
With this
Code:
if (string.IsNullOrWhiteSpace (@String) || username.ToLower() == text.ToLower())
Thank you! Works fine!
@TOPIC
Automatic_chat = FIXED
changeName. = FIXED
Is there some other flaw that I didn't see?
And I have another problem ...
I do not know how, but they can give the ADM badge to everyone. O_o
Re: Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]
Quote: Originally Posted by smatch
@TOPIC
Automatic_chat = FIXED
changeName. = FIXED
Is there some other flaw that I didn't see?
And I have another problem ...
I do not know how, but they can give the ADM badge to everyone. O_o
Check Fuse_cmds in your database, and make sure the rank column for Roombadge, MassBadge and Givebadge is high enough.
Re: Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]
Quote: Originally Posted by Alex Be
Check Fuse_cmds in your database, and make sure the rank column for Roombadge, MassBadge and Givebadge is high enough.
The rank is 6; that is correct, yes?
I still do not know how they get badges.
Re: Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]
Quote: Originally Posted by smatch
The rank is 6; that is correct, yes?
I still do not know how they get badges.
In this case I'm guessing there is still another exploit that will allow them to do this kind of thing. Make sure that user still does not have a rank. I'll take a look later to see if there is any more that anyone is not telling us about; guessing it's people that want to feel they are pro hackers lol
Re: Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]
Where iz da RS4 how do I fix it? I need the php file ;)
Re: Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]
Quote: Originally Posted by MrSpooks
In this case I'm guessing there is still another exploit that will allow them to do this kind of thing. Make sure that user still does not have a rank. I'll take a look later to see if there is any more that anyone is not telling us about; guessing it's people that want to feel they are pro hackers lol
Yes, you're right.
Well, I've tried to find some fault in the source, and I found none.
You can help me with this, and maybe we can fix it.
Good luck.
Re: Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]
Quote: Originally Posted by smatch
Yes, you're right.
Well, I've tried to find some fault in the source, and I found none.
You can help me with this, and maybe we can fix it.
Good luck.
Go to Catalog pages in your database. Search for the page called "Super Wired". Check the Min_rank column and see if that is set to rank 6.
If that page is set to rank 1, you have users with give_reward wired.
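The database checks suggested in the replies above (the rank required for Roombadge, MassBadge and Givebadge in Fuse_cmds, the Min_rank of the "Super Wired" catalog page, and whether an account has picked up a rank), collected into one audit. This is an added example, not code from the thread or from Mercury: the table and column names, the `make_audit_db` / `audit_badge_paths` helpers and the sample rows are constructed assumptions, and 6 is the staff rank mentioned in the thread.

```python
import sqlite3

BADGE_COMMANDS = ("roombadge", "massbadge", "givebadge")  # commands named in the thread

def make_audit_db():
    """Constructed sample tables; the emulator's real schema may differ."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE fuse_cmds (command TEXT, rank INTEGER);
        CREATE TABLE catalog_pages (id INTEGER PRIMARY KEY, caption TEXT, min_rank INTEGER);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, rank INTEGER);
        INSERT INTO fuse_cmds VALUES ('roombadge', 6), ('MassBadge', 6),
                                     ('givebadge', 1), ('about', 1);
        INSERT INTO catalog_pages VALUES (1, 'Super Wired', 1), (2, 'Furni', 1);
        INSERT INTO users VALUES (1, 'Owner', 7), (2, 'guest', 1), (3, 'visitor42', 6);
    """)
    return db

def audit_badge_paths(db, staff_rank=6, known_staff=()):
    """Return (table, name, rank) rows that let non-staff hand out badges."""
    findings = []
    marks = ",".join("?" * len(BADGE_COMMANDS))
    # 1. Badge commands usable below the staff rank.
    findings += [("fuse_cmds", c, r) for c, r in db.execute(
        f"SELECT command, rank FROM fuse_cmds "
        f"WHERE lower(command) IN ({marks}) AND rank < ? ORDER BY command",
        (*BADGE_COMMANDS, staff_rank))]
    # 2. The wired catalog page being purchasable below the staff rank.
    findings += [("catalog_pages", c, r) for c, r in db.execute(
        "SELECT caption, min_rank FROM catalog_pages "
        "WHERE caption = 'Super Wired' AND min_rank < ?", (staff_rank,))]
    # 3. Accounts holding a staff rank that are not on the expected staff list.
    findings += [("users", u, r) for u, r in db.execute(
        "SELECT username, rank FROM users WHERE rank >= ? ORDER BY username",
        (staff_rank,)) if u not in known_staff]
    return findings
```

On the constructed rows, `audit_badge_paths(make_audit_db(), 6, known_staff=("Owner",))` reports the `givebadge` command at rank 1, the "Super Wired" page at rank 1 and the unexpected rank 6 account; an empty list means none of the three paths is open.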
Re: Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]
Quote: Originally Posted by retrostudios
can i have rs4 for dis
Search this thread for your answer, and you shall find. This has been asked before.
Re: Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]
Can't find it; looked through the whole thing.