Plus Emulator Security Fixes

[nullrou7e]

u can save your own figure with a packetlogger.

You are talking about saving your own figure like this. This way is parsed through the anti mutant. And AFAIK the only other way to update a bot's look is via the database.

 

[FunkyTuri]

You are talking about saving your own figure like this. This way is parsed through the anti mutant. And AFAIK the only other way to update a bot's look is via the database.

U can save your own figure into the wired extradata . lol

 

[xjoao]

in fact it has many wireds to exploit only that still can not take if you can put the fix here

 

[papagaios]

I have not yet figured out how to fix these

 

[xjoao]

could you post the other fix to help ragezone: D

 

[Brought]

I have not yet figured out how to fix these

Figured out how to fix what? The fixes are already posted in this thread.

 

[Pepijntjuh]

Hi,

When I was checking Plus I found a exploit which makes it possible to send queries, drop tables, whatever you like. I noticed that someone finally found out the exploit and I decided to release the fix because this guys just want duck some poop up.

Open the source and follow me.

1). HabboHotel\Items\Wired\Boxes\Effects\BotChangesClothesBox.cs

Find:


Replace:


And to be sure:

2). Communication\Packets\Incoming\Rooms\AI\Bots\SaveBotActionEvent.cs

Find:


Replace:


Replace the stuff as seen above in your source and recompile. I'm not going to explain how to execute the exploit because no one has this fixed yet.

More fixes

1). Communication\Packets\Incoming\Rooms\Furni\Wired\SaveWiredConfigEvent.cs

Find:


Replace:


There is a way to change someone elses Wired settings so the code above is the fix.

2). Communication\Packets\Incoming\Catalog\CheckGnomeNameEvent.cs (Thanks to @Damien Jolly & thanks to @Shorty for sending me)

Find:


Replace:


The code above will fix the furni which change in Gnomes & duplicate furni in db.

3). HabboHotel\Users\UserData\UserDataFactory.cs (Thanks to @Damien Jolly)

Find:


Replace:


Find:


Replace:


PlusEnviroment.cs

Find:


Replace:


Finally run this database query:



The code above will fix logging in someone elses account without password.

There's more, and I will release more fixes later. If you have troubles with someone who is duck some poop up send me a PM

#BTW KEEP SAFE DON'T USE ARTURES/PLUS/ANY OTHER SERVER BUT USE COMET SERVER by @Leon

Thanks Ryan, i would dont use Comet Server, the reason is that Comet still not updated is and really buggy

 

[The General]

Thanks Ryan, i would dont use Comet Server, the reason is that Comet still not updated is and really buggy

No you don't understand. You have to pay Ryan $100 per update.

 

[Jmandupree]

No you don't understand. You have to pay Ryan $100 per update.

fuk dat, glad i don't use that

 

[N0tis]

Thanks Ryan, i would dont use Comet Server, the reason is that Comet still not updated is and really buggy

I've actually updated Comet and maybe I'll release it on Ragezone.

Comet Server 1.3.1 APLHA updated to PRODUCTION-201607262204-86871104
Everything is working.

Chatlog & New catalogue working:

You must be registered to see links

Trading & trax (jukebox) works too on the new version lol.


Don't pay for emulators.

 

[N0tis]

Who is interested in Comet Server which is not released, very up-to-date and very very stable (without bugs) ^ can PM me

I'll PM you. I hope its free tho .

 

[Habbo Blu]

Fix client, go to UserDataFactory.cs

Find:

dbClient.SetQuery("SELECT users.id,users.username,users.rank,users.motto,users.look,users.gender,users.last_online,users.credits,users.activity_points,users.home_room,users.block_newfriends,users.hide_online,users.hide_inroom,users.vip,users.account_created,users.vip_points,users.machine_id,users.volume,users.chat_preference,users.focus_preference,users.pets_muted,users.bots_muted,users.advertising_report_blocked,users.last_change,users.gotw_points,users.ignore_invites,users.time_muted,users.allow_gifts,users.friend_bar_state,users.disable_forced_effects,users.allow_mimic,users.rank_vip " + "FROM users " + "JOIN user_auth_ticket " + "ON users.id = user_auth_ticket.user_id " + "WHERE user_auth_ticket.auth_ticket = @sso " + "LIMIT 1");

Add after

dbClient.AddParameter("sso", SessionTicket);
dUserInfo = dbClient.getRow();

 

[DinamicUser]

SSO FIX for RevCMS

You must be registered to see links

 

[Konquer]

SSO FIX for RevCMS

Spoiler

/*----------------------------------------Create SSO auth_ticket-------------------------------------*/ final public function createSSO($k) { $sessionKey = ''.rand(9,9999999).''.substr(sha1(time()).''.rand(9,9999999).''.rand(9,9999999).''.rand(9,9999999),0,33); $this->updateUser($k, 'auth_ticket', $sessionKey); $sql = mysql_query("SELECT `user_id` FROM `user_auth_ticket` WHERE `user_id` = '".$k."'"); if(mysql_num_rows($sql) > 0){ mysql_query("UPDATE `user_auth_ticket` SET `auth_ticket` = '".$sessionKey."' WHERE `user_id` = '".$k."'"); }else{ mysql_query("INSERT INTO `user_auth_ticket` (`user_id`, `auth_ticket`) VALUES ('".$k."', '".$sessionKey."');"); } unset($sessionKey); }

People generally want to know what something does before they copy pasterino it into their cms.

Also, you should probably tell people which file the existing method can be found in. Also also, the formatting of your code makes my eyes bleed.

 

[BeginOfEnd]

SSO FIX for RevCMS

Spoiler

/*----------------------------------------Create SSO auth_ticket-------------------------------------*/ final public function createSSO($k) { $sessionKey = ''.rand(9,9999999).''.substr(sha1(time()).''.rand(9,9999999).''.rand(9,9999999).''.rand(9,9999999),0,33); $this->updateUser($k, 'auth_ticket', $sessionKey); $sql = mysql_query("SELECT `user_id` FROM `user_auth_ticket` WHERE `user_id` = '".$k."'"); if(mysql_num_rows($sql) > 0){ mysql_query("UPDATE `user_auth_ticket` SET `auth_ticket` = '".$sessionKey."' WHERE `user_id` = '".$k."'"); }else{ mysql_query("INSERT INTO `user_auth_ticket` (`user_id`, `auth_ticket`) VALUES ('".$k."', '".$sessionKey."');"); } unset($sessionKey); }

Already posted: http://forum.ragezone.com/f333/help-sso-1104504/