Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]

[supers200]

SQL injections, about 10 different bugs that we couldn't be fucked hearing about from every user so we just rolled back and downgraded.

Okay, please tell me the bugs.

[smatch]

Another exploit found, thanks to AWA:

Find:

Code:

internal void ChangeName()

Replace that void with:

Code:

internal void ChangeName()
		{
			string text = this.Request.PopFixedString();
			string username = this.Session.GetHabbo().Username;


			checked
			{
				using (IQueryAdapter queryreactor = MercuryEnvironment.GetDatabaseManager().getQueryreactor())
				{
					queryreactor.setQuery("SELECT username FROM users WHERE username=@name LIMIT 1");
					queryreactor.addParameter("name", text);
					string @String = queryreactor.getString();


					if (string.IsNullOrWhiteSpace @String) || username.ToLower() == text.ToLower())
					{
                        queryreactor.setQuery("UPDATE rooms SET owner = @newowner WHERE owner = @oldowner");
                        queryreactor.addParameter("newowner", text);
                        queryreactor.addParameter("oldowner", Session.GetHabbo().Username);
                        queryreactor.runQuery();


                        queryreactor.setQuery("UPDATE users SET username = @newname, last_name_change = @timestamp WHERE id = @userid");
                        queryreactor.addParameter("newname", text);
                        queryreactor.addParameter("timestamp", MercuryEnvironment.GetUnixTimestamp() + 43200);
                        queryreactor.addParameter("userid", Session.GetHabbo().Username);
                        queryreactor.runQuery();


						this.Session.GetHabbo().LastChange = MercuryEnvironment.GetUnixTimestamp() + 43200;
						this.Session.GetHabbo().Username = text;
						this.Response.Init(Outgoing.UpdateUserNameMessageComposer);
						this.Response.AppendInt32(0);
						this.Response.AppendString(text);
						this.Response.AppendInt32(0);
						this.SendResponse();
						this.Response.Init(Outgoing.UpdateUserDataMessageComposer);
						this.Response.AppendInt32(-1);
						this.Response.AppendString(this.Session.GetHabbo().Look);
						this.Response.AppendString(this.Session.GetHabbo().Gender.ToLower());
						this.Response.AppendString(this.Session.GetHabbo().Motto);
						this.Response.AppendInt32(this.Session.GetHabbo().AchievementPoints);
						this.SendResponse();
						this.Session.GetHabbo().CurrentRoom.GetRoomUserManager().UpdateUser(username, text);
						if (this.Session.GetHabbo().CurrentRoom != null)
						{
							this.Response.Init(Outgoing.UserUpdateNameInRoomMessageComposer);
							this.Response.AppendUInt(this.Session.GetHabbo().Id);
							this.Response.AppendUInt(this.Session.GetHabbo().CurrentRoom.RoomId);
							this.Response.AppendString(text);
						}
						foreach (RoomData current in this.Session.GetHabbo().UsersRooms)
						{
							current.Owner = text;
							current.SerializeRoomData(this.Response, false, this.Session, true);
							Room room = MercuryEnvironment.GetGame().GetRoomManager().GetRoom(current.Id);
							if (room != null)
							{
								room.Owner = text;
							}
						}
						foreach (MessengerBuddy current2 in this.Session.GetHabbo().GetMessenger().friends.Values)
						{
							if (current2.client != null)
							{
								foreach (MessengerBuddy current3 in current2.client.GetHabbo().GetMessenger().friends.Values)
								{
									if (current3.mUsername == username)
									{
										current3.mUsername = text;
										current3.Serialize(this.Response, current2.client);
									}
								}
							}
						}
					}
				}
			}
		}

What is this exploit? What did people do?

[akajsmoove]

What is this exploit? What did people do?

Able to rank themselves up as owner and more.

[smatch]

Able to rank themselves up as owner and more.

Thanks.

I'm having trouble with this error.

This line:

if (string.IsNullOrWhiteSpace @String) || username.ToLower() == text.ToLower())

[Alex Be]

Thanks.

I'm having trouble with this error.

This line:

Replace

Code:

if (string.IsNullOrWhiteSpace @String) || username.ToLower() == text.ToLower())

With this

Code:

if (string.IsNullOrWhiteSpace (@String) || username.ToLower() == text.ToLower())

[smatch]

Replace

Code:

if (string.IsNullOrWhiteSpace @String) || username.ToLower() == text.ToLower())

With this

Code:

if (string.IsNullOrWhiteSpace (@String) || username.ToLower() == text.ToLower())

Thank you! work fine!

@TOPIC
Automatic_chat = FIXED
changeName. = FIXED
Has over some other flaw that I no saw?
And I have another problem ...
Do not know how, but they can give ADM badge for everyone. O_o

[Alex Be]

@TOPIC
Automatic_chat = FIXED
changeName. = FIXED
Has over some other flaw that I no saw?
And I have another problem ...
Do not know how, but they can give ADM badge for everyone. O_o

Check Fuse_cmds in your database. and make sure Roombadge, MassBadge and Givebadge in rank column is high enough.

[smatch]

Check Fuse_cmds in your database. and make sure Roombadge, MassBadge and Givebadge in rank column is high enough.

The rank is 6, is correct, yes?
I still do not know how they get badges.

[MrSpooks]

The rank is 6, is correct, yes?
I still do not know how they get badges.

In this case I'm guessing there is still another exploit that will allow them to do this kind of thing, make sure that user still dose not have a rank I'll take a look later to see if there is any more that anyone is not telling is about, guessing it's people that want to feel they are pro hackers lol

[retrostudios]

Where iz da RS4 how do I fix it? I need the php file ;)

[smatch]

In this case I'm guessing there is still another exploit that will allow them to do this kind of thing, make sure that user still dose not have a rank I'll take a look later to see if there is any more that anyone is not telling is about, guessing it's people that want to feel they are pro hackers lol

Yes, you're right.
Well, I've tried to find some fault in source, and I not found.
You can help me with this, and maybe we can fix.
Good luck.

[Alex Be]

Yes, you're right.
Well, I've tried to find some fault in source, and I not found.
You can help me with this, and maybe we can fix.
Good luck.

Go To Catalog pages in your database. Search for the page called "Super Wired". Check Min_rank column and see if that is set to rank 6.
If that page is set on rank 1. You got users with give_reward wired.

[retrostudios]

can i have rs4 for dis

[ProducerMark]

can i have rs4 for dis

Search this thread for your answer, and you shall find. This has been asked before

[retrostudios]

Can't find it looked though the whole thing