BcStorm/SwiftEMU exploitable and need immediate help.

[rails4ever]

Hello Everyone,

I have spent alot of money on my new Habbo Retro R63, including reverse proxies, domain names, setups, and other firewall systems, but my SQL keeps getting injected through my EMU!!! Everyone keeps tellin' me to switch ,but I know there is a fix, and won't stop until I find one. DOES ANYONE know where I can get a patch to prevent injection through the emulator?

 

[rails4ever]

It applied the updates ***HUGS** lol... Because I made other changes so that certain things can't be executed in the chat and I confirmed they work, however, You were talking about finding out where other possible exploits are... I have an MySQL Error Log but that might not be help.. How can I find out where other possible problems could be too? How do I test to see if it really was the navigator?

 

[Sledmore]

It applied the updates ***HUGS** lol... Because I made other changes so that certain things can't be executed in the chat and I confirmed they work, however, You were talking about finding out where other possible exploits are... I have an MySQL Error Log but that might not be help.. How can I find out where other possible problems could be too? How do I test to see if it really was the navigator?

You're welcome . If someone is attempting to exploit you should see the logs in the MySQL log file, to test that this will fix it simply search something like "owner: aa''a" in the navigator, an error shouldn't be thrown.

 

[rails4ever]

I put exactly owner: aa"a" no rooms found? or do i need to put "owner: aa"a"

 

[Sledmore]

I put exactly owner: aa"a" no rooms found? or do i need to put "owner: aa"a"

My point is no rooms will be found, but the character ' would throw a MySQL error, however it will not anymore due to being checked correctly now.

 

[rails4ever]

Would you mind if I put the SQL log for you? It's the one in the actual EMU folder, no where else. Maybe you can have a look @ it?

 

[Sledmore]

Would you mind if I put the SQL log for you? It's the one in the actual EMU folder, no where else. Maybe you can have a look @ it?

I'm now too busy to do so. Sorry, I suggest posting another thread or posting it here for others to look at if they chose to select the thread.

 

[rails4ever]

Sledmore, I so appreciate your help. I'm assuming that hackers are able to SQL inject in the emu anywhere they type text. I fixed the chat system so that can't be done, and I also fixed where the navigator... one other place I noticed it could be done is the messenger system (Friends) and the motto? Are those places it could be done?

 

[Sledmore]

Sledmore, I so appreciate your help. I'm assuming that hackers are able to SQL inject in the emu anywhere they type text. I fixed the chat system so that can't be done, and I also fixed where the navigator... one other place I noticed it could be done is the messenger system (Friends) and the motto? Are those places it could be done?

The motto is already checked and same with the messenger system.