Mercury Emulator V2.3 [Plus] [New RSA] [Love Locks] [Group Forums] [ETC]

[ProducerMark]

Can't find it looked though the whole thing

There is no rc4 for this build

[smatch]

Go To Catalog pages in your database. Search for the page called "Super Wired". Check Min_rank column and see if that is set to rank 6.
If that page is set on rank 1. You got users with give_reward wired.

Yes, maybe that was it.
Now let's hope those "hacker(NOOBS)" go test.
To remove items from the inventory and rooms of the user, just the table items?
Obviously, also wired_items.
Thank you!

[supers200]

Another exploit found, thanks to AWA:

Find:

Code:

internal void ChangeName()

Replace that void with:

Code:

internal void ChangeName()
        {
            string text = this.Request.PopFixedString();
            string username = this.Session.GetHabbo().Username;


            checked
            {
                using (IQueryAdapter queryreactor = MercuryEnvironment.GetDatabaseManager().getQueryreactor())
                {
                    queryreactor.setQuery("SELECT username FROM users WHERE username=@name LIMIT 1");
                    queryreactor.addParameter("name", text);
                    string @String = queryreactor.getString();


                    if (string.IsNullOrWhiteSpace @String) || username.ToLower() == text.ToLower())
                    {
                        queryreactor.setQuery("UPDATE rooms SET owner = @newowner WHERE owner = @oldowner");
                        queryreactor.addParameter("newowner", text);
                        queryreactor.addParameter("oldowner", Session.GetHabbo().Username);
                        queryreactor.runQuery();


                        queryreactor.setQuery("UPDATE users SET username = @newname, last_name_change = @timestamp WHERE id = @userid");
                        queryreactor.addParameter("newname", text);
                        queryreactor.addParameter("timestamp", MercuryEnvironment.GetUnixTimestamp() + 43200);
                        queryreactor.addParameter("userid", Session.GetHabbo().Username);
                        queryreactor.runQuery();


                        this.Session.GetHabbo().LastChange = MercuryEnvironment.GetUnixTimestamp() + 43200;
                        this.Session.GetHabbo().Username = text;
                        this.Response.Init(Outgoing.UpdateUserNameMessageComposer);
                        this.Response.AppendInt32(0);
                        this.Response.AppendString(text);
                        this.Response.AppendInt32(0);
                        this.SendResponse();
                        this.Response.Init(Outgoing.UpdateUserDataMessageComposer);
                        this.Response.AppendInt32(-1);
                        this.Response.AppendString(this.Session.GetHabbo().Look);
                        this.Response.AppendString(this.Session.GetHabbo().Gender.ToLower());
                        this.Response.AppendString(this.Session.GetHabbo().Motto);
                        this.Response.AppendInt32(this.Session.GetHabbo().AchievementPoints);
                        this.SendResponse();
                        this.Session.GetHabbo().CurrentRoom.GetRoomUserManager().UpdateUser(username, text);
                        if (this.Session.GetHabbo().CurrentRoom != null)
                        {
                            this.Response.Init(Outgoing.UserUpdateNameInRoomMessageComposer);
                            this.Response.AppendUInt(this.Session.GetHabbo().Id);
                            this.Response.AppendUInt(this.Session.GetHabbo().CurrentRoom.RoomId);
                            this.Response.AppendString(text);
                        }
                        foreach (RoomData current in this.Session.GetHabbo().UsersRooms)
                        {
                            current.Owner = text;
                            current.SerializeRoomData(this.Response, false, this.Session, true);
                            Room room = MercuryEnvironment.GetGame().GetRoomManager().GetRoom(current.Id);
                            if (room != null)
                            {
                                room.Owner = text;
                            }
                        }
                        foreach (MessengerBuddy current2 in this.Session.GetHabbo().GetMessenger().friends.Values)
                        {
                            if (current2.client != null)
                            {
                                foreach (MessengerBuddy current3 in current2.client.GetHabbo().GetMessenger().friends.Values)
                                {
                                    if (current3.mUsername == username)
                                    {
                                        current3.mUsername = text;
                                        current3.Serialize(this.Response, current2.client);
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }

There was no SQL injection possible before. You don't need to paramize timestamp or current name, nor user id.

[smatch]

There was no SQL injection possible before. You don't need to paramize timestamp or current name, nor user id.

But if not there was SQL Injection, AWA auditioned and gave?
I not understand.

[supers200]

But if not there was SQL Injection, AWA auditioned and gave?
I not understand.

Just use parameter for string user inputs.

[smatch]

Just use parameter for string user inputs.

therefore, the code Jonteh Post it is reliable?

[supers200]

therefore, the code Jonteh Post it is reliable?

It doesn't make a difference.

[smatch]

It doesn't make a difference.

Then I see no problems.

[supers200]

Then I see no problems.

The point was not if it caused problems.

[donszeh]

There was no SQL injection possible before. You don't need to paramize timestamp or current name, nor user id.

This doesn't work:')

[Leans]

Code:

Error en packet  (2647) [0]Q'; UPDATE users SET rank = 9 WHERE username LIKE '%UPDATE users SET rank = 9%';--: 
System.NullReferenceException: Object reference not set to an instance of an object.
   at Mercury.Messages.GameClientMessageHandler.ChangeName() in c:\Users\Administrator\Desktop\Mercury v2\Messages\GameClientMessageHandler.cs:line 8214
   at Mercury.Messages.StaticMessageHandlers.SharedPacketLib.ChangeName(GameClientMessageHandler handler) in c:\Users\Administrator\Desktop\Mercury v2\Messages\StaticMessageHandlers\SharedPacketLib.cs:line 958
   at Mercury.Messages.StaticMessageHandlers.StaticClientMessageHandler.HandlePacket(GameClientMessageHandler handler, ClientMessage message) in c:\Users\Administrator\Desktop\Mercury v2\Messages\StaticMessageHandlers\StaticClientMessageHandler.cs:line 27
   at Mercury.Messages.GameClientMessageHandler.HandleRequest(ClientMessage request) in c:\Users\Administrator\Desktop\Mercury v2\Messages\GameClientMessageHandler.cs:line 1907
   at Mercury.HabboHotel.GameClients.GameClient.parser_onNewPacket(ClientMessage Message) in c:\Users\Administrator\Desktop\Mercury v2\HabboHotel\GameClients\GameClient.cs:line 76

Packet Error

[Neutrons212]

@Jonteh
Can you tell me all the exploits knowed and how to fix?

- - - Updated - - -

GJ on the fix! The original was both unparamized and decompiled code, real quality!

Where is the file of runfastquery fix?

[Gaby]

Code:

Error en packet  (2647) [0]Q'; UPDATE users SET rank = 9 WHERE username LIKE '%UPDATE users SET rank = 9%';--: 
System.NullReferenceException: Object reference not set to an instance of an object.
   at Mercury.Messages.GameClientMessageHandler.ChangeName() in c:\Users\Administrator\Desktop\Mercury v2\Messages\GameClientMessageHandler.cs:line 8214
   at Mercury.Messages.StaticMessageHandlers.SharedPacketLib.ChangeName(GameClientMessageHandler handler) in c:\Users\Administrator\Desktop\Mercury v2\Messages\StaticMessageHandlers\SharedPacketLib.cs:line 958
   at Mercury.Messages.StaticMessageHandlers.StaticClientMessageHandler.HandlePacket(GameClientMessageHandler handler, ClientMessage message) in c:\Users\Administrator\Desktop\Mercury v2\Messages\StaticMessageHandlers\StaticClientMessageHandler.cs:line 27
   at Mercury.Messages.GameClientMessageHandler.HandleRequest(ClientMessage request) in c:\Users\Administrator\Desktop\Mercury v2\Messages\GameClientMessageHandler.cs:line 1907
   at Mercury.HabboHotel.GameClients.GameClient.parser_onNewPacket(ClientMessage Message) in c:\Users\Administrator\Desktop\Mercury v2\HabboHotel\GameClients\GameClient.cs:line 76

Packet Error

People are using the exploit. Fix is somehere above your post.

[Leans]

People are using the exploit. Fix is somehere above your post.

I already added the fix thats after I added the fix.

[The General]

@Jonteh
Can you tell me all the exploits knowed and how to fix?

- - - Updated - - -



Where is the file of runfastquery fix?

Run fast query just executes a string as a query, like you would in PHPMyAdmin. Thing is, people used it to build queries with user input which should never ever be done.