Obey
You just played yourself.
- Nov 23, 2013
- 250
- 29
Well, as you may know, a lot of hotels have been attacked the last few days.
I make a fast (because of urgency) fix for it, I'm not a pro, and I really hope somebody better than me make it (or at least a better filter).
First of all, go to your ButterflyEnvironment.cs, and below of
PHP Code:
Insert:
PHP Code:
Now, you will go to Messages/ClientMessage.cs
Search by internal string PopFixedString(), replace by
PHP Code:
Then, search by internal string PopFixedString(Encoding encoding) replace by:
PHP Code:
That will prevent any kind of SQL Injection, but will have some problems... That is because I wish to have somebody to make it better. The filter ISN'T perfect, because if you say TRUNCATE, for example, will be replaced for *bobba*.
( P.S - Got this off another forum and sharing it for people who want to use it. Please leave a like. )
Consider it as a temporaly fix.
I make a fast (because of urgency) fix for it, I'm not a pro, and I really hope somebody better than me make it (or at least a better filter).
First of all, go to your ButterflyEnvironment.cs, and below of
PHP Code:
Code:
internal static class ButterflyEnvironment {
PHP Code:
Code:
public static string DeletePossiblyTreat(string PopFixedString)
{
List<string> blackwords = new List<string>(); blackwords.Add("DROP TABLE"); blackwords.Add("rank="); blackwords.Add("TRUNCATE"); blackwords.Add("DELETE FROM"); blackwords.Add("SELECT ("); blackwords.Add("SELECT *"); blackwords.Add("INSERT INTO"); blackwords.Add("UPDATE"); blackwords.Add("CREATE"); blackwords.Add("RENAME");
foreach (string cont in blackwords)
{
if (PopFixedString.ToLower().Contains(cont.ToLower()))
{ PopFixedString = "*bobba*";
}
}
return PopFixedString;
}
Search by internal string PopFixedString(), replace by
PHP Code:
Code:
internal string PopFixedString()
{
return ButterflyEnvironment.DeletePossiblyTreat(this.PopFixedString(ButterflyEnvironment.GetDefaultEncoding()));
}
PHP Code:
Code:
internal string PopFixedString(Encoding encoding)
{
return ButterflyEnvironment.DeletePossiblyTreat(encoding.GetString(this.ReadFixedValue()));
}
( P.S - Got this off another forum and sharing it for people who want to use it. Please leave a like. )
Consider it as a temporaly fix.
Last edited: