I'm sick to death of getting my hotel.users deleted!! It pisses me of real bad.... Can you please... tell me any swift emulator SQL fixes? Please??
AND!? How do I translate the commands on swift emulator?
Printable View
I'm sick to death of getting my hotel.users deleted!! It pisses me of real bad.... Can you please... tell me any swift emulator SQL fixes? Please??
AND!? How do I translate the commands on swift emulator?
Who says its becouse of swift, maybe somebody is using a website exploit.
(look in your log, use different users for emu and web to indentify the origin)
There is an exploit in the navigator when you search for room -> owner: 'Inject Here'
Because he probably already checked his site?Quote:
Originally Posted by Superfun
I don't think ubercms has exploits....
Thanks HillBilly I'll give it a go fixing it....
My bad, UBERCMS has a few exploits.... but not many.... Easy fix...... Ethan galea.... I don't find that help.... I'd probably class that as spam.... :l
Just be careful owning a retro, have you even checked if you have received a DMCA?Quote:
Originally Posted by master99
Yes, Everyday ;)
I'll give you the fix for the owner: exploit.
Go to butterfly > habbohotel> navigators > navigator
Search for:
Change to:Code:internal ServerMessage SerializeSearchResults(string SearchQuery)
Code:internal ServerMessage SerializeSearchResults(string SearchQuery)
{
string ProtectedSearch = ButterflyEnvironment.FilterInjectionChars(SearchQuery);
if (ProtectedSearch.Contains("INSERT") || ProtectedSearch.Contains("DELETE") || ProtectedSearch.Contains("TRUNCATE") || ProtectedSearch.Contains(";"))
{
ProtectedSearch = "";
SearchQuery = "";
}
DataTable table = new DataTable();
using (IQueryAdapter adapter = ButterflyEnvironment.GetDatabaseManager().getQueryreactor())
{
if (SearchQuery.Length > 0)
{
if (SearchQuery.StartsWith("owner:"))
{
adapter.setQuery("SELECT * FROM rooms WHERE owner LIKE @owner ORDER BY id DESC LIMIT 50");
}
else if (adapter.dbType == DatabaseType.MySQL)
{
adapter.setQuery("SELECT rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE owner = @query AND roomtype = 'private' UNION ALL SELECT rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE caption = @query AND roomtype = 'private' ORDER BY active_users DESC LIMIT 50");
}
else
{
adapter.setQuery("SELECT TOP 50 rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE owner = @query AND roomtype = 'private' UNION ALL SELECT rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE caption = @query AND roomtype = 'private' ORDER BY active_users DESC");
}
adapter.addParameter("query", ProtectedSearch);
adapter.addParameter("owner", ProtectedSearch.Replace("owner:", ""));
table = adapter.getTable();
}
}
List<RoomData> list = new List<RoomData>();
if (table != null)
{
foreach (DataRow row in table.Rows)
{
RoomData item = ButterflyEnvironment.GetGame().GetRoomManager().FetchRoomData(Convert.ToUInt32(row["id"]), row);
list.Add(item);
}
}
ServerMessage message = new ServerMessage(Outgoing.NavigatorPacket);
message.AppendInt32(8);
message.AppendString(SearchQuery);
message.AppendInt32(list.Count);
foreach (RoomData data2 in list)
{
data2.Serialize(message, false);
}
message.AppendBoolean(false);
return message;
}
thanks so much!
You're welcome ;)Quote:
Originally Posted by master99