Well... I've been trying to fix the navigator exploit ... "owner:'; DROP TABLE users;" <<< How can I patch the exploit? P.S. I'll disable the marketplace... any other exploits I should know about?
Use the prepared statements.
I don't know what you mean... and how to do any of that? Is there like an easy way? Like going into navigator.cs and changing it? Or something? :(
Go to butterfly->habbohotel->navigators->navigator.cs and change your internal ServerMessage SerializeSearchResults to:
Code:
    internal ServerMessage SerializeSearchResults(string SearchQuery)
    {
        string ProtectedSearch = ButterflyEnvironment.FilterInjectionChars(SearchQuery);
        // Extra keyword check: discard the search entirely if it contains any of these tokens.
        if (ProtectedSearch.Contains("INSERT") || ProtectedSearch.Contains("DELETE") || ProtectedSearch.Contains("TRUNCATE") || ProtectedSearch.Contains(";"))
        {
            ProtectedSearch = "";
            SearchQuery = "";
        }
        DataTable table = new DataTable();
        using (IQueryAdapter adapter = ButterflyEnvironment.GetDatabaseManager().getQueryreactor())
        {
            if (SearchQuery.Length > 0)
            {
                // The SQL text below is fixed; the search string only reaches the
                // database through the @owner / @query parameters bound further down.
                if (SearchQuery.StartsWith("owner:"))
                {
                    adapter.setQuery("SELECT * FROM rooms WHERE owner LIKE @owner ORDER BY id DESC LIMIT 50");
                }
                else if (adapter.dbType == DatabaseType.MySQL)
                {
                    adapter.setQuery("SELECT rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE owner = @query AND roomtype = 'private' UNION ALL SELECT rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE caption = @query AND roomtype = 'private' ORDER BY active_users DESC LIMIT 50");
                }
                else
                {
                    adapter.setQuery("SELECT TOP 50 rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE owner = @query AND roomtype = 'private' UNION ALL SELECT rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE caption = @query AND roomtype = 'private' ORDER BY active_users DESC");
                }
                // Bind the user-supplied values as parameters.
                adapter.addParameter("query", ProtectedSearch);
                adapter.addParameter("owner", ProtectedSearch.Replace("owner:", ""));
                table = adapter.getTable();
            }
        }
        // Turn the result rows into RoomData objects.
        List<RoomData> list = new List<RoomData>();
        if (table != null)
        {
            foreach (DataRow row in table.Rows)
            {
                RoomData item = ButterflyEnvironment.GetGame().GetRoomManager().FetchRoomData(Convert.ToUInt32(row["id"]), row);
                list.Add(item);
            }
        }
        // Build the navigator response packet.
        ServerMessage message = new ServerMessage(Outgoing.NavigatorPacket);
        message.AppendInt32(8);
        message.AppendString(SearchQuery);
        message.AppendInt32(list.Count);
        foreach (RoomData data2 in list)
        {
            data2.Serialize(message, false);
        }
        message.AppendBoolean(false);
        return message;
    }
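Added example (not part of the thread, and not Butterfly's code): why binding the value as a parameter, as the @owner query in the post above does, makes the search string from the first post harmless. It uses Python's sqlite3 with a constructed in-memory schema; the concatenated variant is an assumed pre-fix pattern, since the thread does not show the original query, and executescript stands in for a driver that accepts several statements per call.

```python
import sqlite3

# Search string quoted in the thread's first post.
PAYLOAD = "owner:'; DROP TABLE users;"

def make_db():
    """Constructed in-memory stand-in for the emulator's users/rooms tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT);
        CREATE TABLE rooms (id INTEGER PRIMARY KEY, caption TEXT, owner TEXT);
        INSERT INTO users (username) VALUES ('alice'), ('bob');
        INSERT INTO rooms (caption, owner) VALUES ('Lobby', 'alice'), ('Cafe', 'bob');
    """)
    return db

def users_table_exists(db):
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'users'"
    ).fetchone()
    return row is not None

def search_concatenated(db, search):
    """Assumed pre-fix pattern: the search text becomes part of the SQL itself."""
    owner = search.replace("owner:", "")
    sql = "SELECT * FROM rooms WHERE owner LIKE '" + owner + "' ORDER BY id DESC LIMIT 50"
    try:
        # executescript stands in for a driver that accepts several
        # ';'-separated statements in one call (an assumption of this demo).
        db.executescript(sql)
    except sqlite3.Error:
        pass  # the fragment left after the injected statement fails to parse
    return sql

def search_parameterized(db, search):
    """Same shape as the posted fix: the value is bound, never spliced in."""
    owner = search.replace("owner:", "")
    return db.execute(
        "SELECT id, caption, owner FROM rooms WHERE owner LIKE :owner "
        "ORDER BY id DESC LIMIT 50",
        {"owner": owner},
    ).fetchall()

if __name__ == "__main__":
    for name, fn in (("concatenated", search_concatenated),
                     ("parameterized", search_parameterized)):
        db = make_db()
        fn(db, PAYLOAD)
        print(f"{name:14} users table still present: {users_table_exists(db)}")
    print(search_parameterized(make_db(), "owner:alice"))
```

With the bound parameter the whole string, quote and semicolon included, is compared against the owner column as data, so no keyword blocklist is needed for the query to be safe.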
Not working.... baashotel... I'll show you the pictures; Attachment 139126, Attachment 139127
Both fixes here: http://forum.ragezone.com/f353/swift...ml#post7744764
I have tried to fix it! I've applied the void.... doesn't fix it..
And guys... When I go to debug the emulator I get errors... :s is that normal?