Newbie Spellweaver
- Joined
- Oct 31, 2012
- Messages
- 74
- Reaction score
- 0
MrPudding
Passwords and buzzer in the rooms are buged.
Password, or bell, everyone enters normal.
Without ask password or doorbell ring, everyone enter in room.
What fix?
hablit.comIs there any demo hotels for this emu?
I think he mean you can't use the Help Tool and you can't open an case ( In the help and ask a question )
Maybe it should be so when you ask a question, staff will get it ? or something
If someone reports someone or something else, i can open the case? I can even send a alert trough it. or close it.
I wouldn't use this emulator before fixing the security holes in it...
queryreactor3.runFastQuery(string.Concat(new object[]
{
"UPDATE bots SET automatic_chat='",
text2,
"', speaking_interval=",
Convert.ToInt32(value),
" , mix_phrases = '",
text3,
"' WHERE id = ",
num
}));
Code:queryreactor3.runFastQuery(string.Concat(new object[] { "UPDATE bots SET automatic_chat='", text2, "', speaking_interval=", Convert.ToInt32(value), " , mix_phrases = '", text3, "' WHERE id = ", num }));
One of many... the guy who made this was obviously rushing this, not taking his time and making sure everything was coded efficiently and securely.
Prepared statements guys, when will you learn :thumbdown:
This has no major security holes or exploits. Not that I know of anyway. Just needs to be cleaned up like the code and make the code more secure, which is not hard to change the code into. But will take effort and time, And will make you bored. But if you have patience, then do so. This is the best emulator so far then the history of this section. I bet you joined a hotel for like 2 minutes then just putting "It has got security holes" without actually looking at the source and speculating. This is just an answer to you, not to start a war against me for putting this. If you have different visions, opinions and sightings of these such "Security holes.". please point them out and post what they do before flaming a release topic with such bs.I wouldn't use this emulator before fixing the security holes in it...
It's you, i don't have that problem
And yet here you are, using his work for free... What a hypocrite!
If you can fix this holes/exploits/clean it up/etc... Then do it, but don't bash this guy's work, specially when you're using his work.
No security holes, no exploits, just need to clean up the code and make the code more secure, which is not hard to change the code into. But will take effort and time, And will make you bored. But if you have patience, then do so. This is the best emulator so far, I bet you joined a hotel for like 2 minutes then just putting it has security holes without actually looking at the source. This is just an answer to you, not to start a war against me for putting this. PM me if you have different visions, opinions and sightings of these such "Security holes.". Before flaming a release topic with bs.
. It really made you look like an butt when i read that.Prepared statements guys, when will you learn :thumbdown:
I know you didn't say it was poop, neither did i (maybe you subconsciously thought it was poop). I think nobody cares if you fixed it or not, or at least i don't.
Your ''developer's point of view'' was fine until you ended it with this: . It really made you look like an butt when i read that.
There is a security hole.
A user called AWA added himself to ownership.
No one made him it.
I was told by johno this is a exploit in the emu.
queryreactor3.setQuery("UPDATE bots SET automatic_chat = @autochat, speaking_interval = [USER=791041]inter[/USER]val, mix_phrases = [USER=1333445824]mix[/USER]_phrases WHERE id = [USER=780131]bot[/USER]id");
queryreactor3.addParameter("autochat", text2);
queryreactor3.addParameter("interval", Convert.ToInt32(value));
queryreactor3.addParameter("mix_phrases", text3);
queryreactor3.addParameter("botid", num);
queryreactor3.runQuery();
Many thanks for your contribution!I am an butt, but at least I'm honest.
This exploit is one I've fixed, I posted the cause in an earlier post, but you can fix it by changing the runFastQuery to:
Code:queryreactor3.setQuery("UPDATE bots SET automatic_chat = @autochat, speaking_interval = @[I][B][URL="http://forum.ragezone.com/members/791041.html"]inter[/URL][/B][/I]val, mix_phrases = @[I][B][URL="http://forum.ragezone.com/members/1333445824.html"]mix[/URL][/B][/I]_phrases WHERE id = @[I][B][URL="http://forum.ragezone.com/members/780131.html"]bot[/URL][/B][/I]id"); queryreactor3.addParameter("autochat", text2); queryreactor3.addParameter("interval", Convert.ToInt32(value)); queryreactor3.addParameter("mix_phrases", text3); queryreactor3.addParameter("botid", num); queryreactor3.runQuery();
I am an butt, but at least I'm honest.