Plus Emulator Security Fixes

[FunkyTuri]

Even then, it's ran through the anti mutant which will prevent any invalid strings.

Code:

string Look = PlusEnvironment.GetGame().GetAntiMutant().RunLook(Packet.PopString());

If any SQL is passed through it'll simply return a figure:



These SQLi patches are still useful for people not running the boon edit though.

I tried to inject and i can without problems.

[nullrou7e]

I tried to inject and i can without problems.

Then you're either not using boon edit or you're not going via tanji.

[FunkyTuri]

Then you're either not using boon edit or you're not going via tanji.

in BotChangesClothesBox.cs there isn't the antimutant..

[nullrou7e]

u can save your own figure with a packetlogger.

You are talking about saving your own figure like this. This way is parsed through the anti mutant. And AFAIK the only other way to update a bot's look is via the database.

[FunkyTuri]

You are talking about saving your own figure like this. This way is parsed through the anti mutant. And AFAIK the only other way to update a bot's look is via the database.

U can save your own figure into the wired extradata . lol

[xjoao]

in fact it has many wireds to exploit only that still can not take if you can put the fix here

[papagaios]

I have not yet figured out how to fix these

[xjoao]

could you post the other fix to help ragezone: D

[Brought]

I have not yet figured out how to fix these

Figured out how to fix what? The fixes are already posted in this thread.

[Pepijntjuh]

Hi,

When I was checking Plus I found a exploit which makes it possible to send queries, drop tables, whatever you like. I noticed that someone finally found out the exploit and I decided to release the fix because this guys just want fuck some shit up.

Open the source and follow me.

1). HabboHotel\Items\Wired\Boxes\Effects\BotChangesClothesBox.cs

Find:


Replace:


And to be sure:

2). Communication\Packets\Incoming\Rooms\AI\Bots\SaveBotActionEvent.cs

Find:


Replace:


Replace the stuff as seen above in your source and recompile. I'm not going to explain how to execute the exploit because no one has this fixed yet.

More fixes

1). Communication\Packets\Incoming\Rooms\Furni\Wired\SaveWiredConfigEvent.cs

Find:


Replace:


There is a way to change someone elses Wired settings so the code above is the fix.

2). Communication\Packets\Incoming\Catalog\CheckGnomeNameEvent.cs (Thanks to @Damien Jolly & thanks to @Shorty for sending me)

Find:


Replace:


The code above will fix the furni which change in Gnomes & duplicate furni in db.

3). HabboHotel\Users\UserData\UserDataFactory.cs (Thanks to @Damien Jolly)

Find:


Replace:


Find:


Replace:


PlusEnviroment.cs

Find:


Replace:


Finally run this database query:



The code above will fix logging in someone elses account without password.

There's more, and I will release more fixes later. If you have troubles with someone who is fuck some shit up send me a PM

#BTW KEEP SAFE DON'T USE ARTURES/PLUS/ANY OTHER SERVER BUT USE COMET SERVER by @Leon

Thanks Ryan, i would dont use Comet Server, the reason is that Comet still not updated is and really buggy

[The General]

Thanks Ryan, i would dont use Comet Server, the reason is that Comet still not updated is and really buggy

No you don't understand. You have to pay Ryan $100 per update.

[Jmandupree]

No you don't understand. You have to pay Ryan $100 per update.

fuk dat, glad i don't use that

[N0tis]

Thanks Ryan, i would dont use Comet Server, the reason is that Comet still not updated is and really buggy

I've actually updated Comet and maybe I'll release it on Ragezone.

Comet Server 1.3.1 APLHA updated to PRODUCTION-201607262204-86871104
Everything is working.

Chatlog & New catalogue working: Printscreen

Trading & trax (jukebox) works too on the new version lol.


Don't pay for emulators.

[N0tis]

Who is interested in Comet Server which is not released, very up-to-date and very very stable (without bugs) ^ can PM me

I'll PM you. I hope its free tho .

[Habbo Blu]

Fix client, go to UserDataFactory.cs

Find:

dbClient.SetQuery("SELECT users.id,users.username,users.rank,users.motto,users.look,users.gender,users.last_online,users.credits,users.activity_points,users.home_room,users.block_newfriends,users.hide_online,users.hide_inroom,users.vip,users.account_created,users.vip_points,users.machine_id,users.volume,users.chat_preference,users.focus_preference,users.pets_muted,users.bots_muted,users.advertising_report_blocked,users.last_change,users.gotw_points,users.ignore_invites,users.time_muted,users.allow_gifts,users.friend_bar_state,users.disable_forced_effects,users.allow_mimic,users.rank_vip " + "FROM users " + "JOIN user_auth_ticket " + "ON users.id = user_auth_ticket.user_id " + "WHERE user_auth_ticket.auth_ticket = @sso " + "LIMIT 1");

Add after

dbClient.AddParameter("sso", SessionTicket);
dUserInfo = dbClient.getRow();