[FIX] Swift SQL Injection Problem
[QUOTE="Obey, post: 249718, member: 40005"]
Well, as you may know, a lot of hotels have been attacked the last few days.

[B][U][I]I made a fast (because of urgency) fix for it. I'm not a pro, and I really hope somebody better than me makes it (or at least a better filter).[/I][/U][/B]

First of all, go to your ButterflyEnvironment.cs, and below

[CODE]internal static class ButterflyEnvironment {[/CODE]

insert:

[CODE]// Requires: using System.Collections.Generic;
public static string DeletePossiblyTreat(string PopFixedString)
{
    // Keyword blacklist: a client string containing any of these is replaced wholesale.
    List<string> blackwords = new List<string>();
    blackwords.Add("DROP TABLE");
    blackwords.Add("rank=");
    blackwords.Add("TRUNCATE");
    blackwords.Add("DELETE FROM");
    blackwords.Add("SELECT (");
    blackwords.Add("SELECT *");
    blackwords.Add("INSERT INTO");
    blackwords.Add("UPDATE");
    blackwords.Add("CREATE");
    blackwords.Add("RENAME");

    foreach (string cont in blackwords)
    {
        // Case-insensitive substring match against the whole string.
        if (PopFixedString.ToLower().Contains(cont.ToLower()))
        {
            PopFixedString = "*bobba*";
        }
    }
    return PopFixedString;
}[/CODE]

Now go to [U]Messages/ClientMessage.cs[/U]. Search for [U]internal string PopFixedString()[/U] and replace it with:

[CODE]internal string PopFixedString()
{
    return ButterflyEnvironment.DeletePossiblyTreat(this.PopFixedString(ButterflyEnvironment.GetDefaultEncoding()));
}[/CODE]

Then search for [U]internal string PopFixedString(Encoding encoding)[/U] and replace it with:

[CODE]internal string PopFixedString(Encoding encoding)
{
    // Every fixed-length string read from a client packet passes through the filter.
    return ButterflyEnvironment.DeletePossiblyTreat(encoding.GetString(this.ReadFixedValue()));
}[/CODE]

That will prevent any kind of SQL Injection, but will have some problems... That is why I wish somebody would make it better. The filter ISN'T perfect, because if you say TRUNCATE, for example, it will be replaced with *bobba*.

( P.S - Got this off another forum and sharing it for people who want to use it. Please leave a like. )

Consider it as a temporary fix.
[/QUOTE]
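For comparison with the keyword filter in the post, here is an added example (not part of the original post and not the emulator's own code) that runs the same word list over ordinary chat text next to a query that binds the client string as a parameter. The `users` table, the `SetMotto` helper and the sample strings are constructed for illustration, and an in-memory SQLite database from the Microsoft.Data.Sqlite package stands in for the emulator's database.

```csharp
using System;
using Microsoft.Data.Sqlite; // NuGet package; in-memory SQLite is a stand-in (assumption)

static class BoundParameterDemo
{
    // The post's keyword list, unchanged, so both approaches see the same input.
    static readonly string[] Blackwords = { "DROP TABLE", "rank=", "TRUNCATE", "DELETE FROM",
        "SELECT (", "SELECT *", "INSERT INTO", "UPDATE", "CREATE", "RENAME" };

    static string DeletePossiblyTreat(string s)
    {
        foreach (string w in Blackwords)
            if (s.IndexOf(w, StringComparison.OrdinalIgnoreCase) >= 0) return "*bobba*";
        return s;
    }

    // Hypothetical write path: the SQL text is a constant and the client string
    // travels as a bound value, so it is stored as data and never parsed as SQL.
    static void SetMotto(SqliteConnection conn, int userId, string motto)
    {
        using (SqliteCommand cmd = conn.CreateCommand())
        {
            cmd.CommandText = "UPDATE users SET motto = @motto WHERE id = @id";
            cmd.Parameters.AddWithValue("@motto", motto);
            cmd.Parameters.AddWithValue("@id", userId);
            cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        using (var conn = new SqliteConnection("Data Source=:memory:"))
        {
            conn.Open();
            using (var ddl = conn.CreateCommand())
            {
                ddl.CommandText = "CREATE TABLE users (id INTEGER PRIMARY KEY, motto TEXT);" +
                                  "INSERT INTO users (id, motto) VALUES (1, '');";
                ddl.ExecuteNonQuery();
            }
            // Constructed inputs: ordinary chat text only.
            string[] samples = { "Update: party at 8", "It's Sam's room", "I'll create a new room" };
            foreach (string s in samples)
            {
                SetMotto(conn, 1, s);
                using (var q = conn.CreateCommand())
                {
                    q.CommandText = "SELECT motto FROM users WHERE id = 1";
                    Console.WriteLine("filter: {0,-18} bound: {1}", DeletePossiblyTreat(s), q.ExecuteScalar());
                }
            }
        }
    }
}
```

The same pattern applies to any ADO.NET provider: keep the command text fixed and pass every client-supplied value through the command's parameter collection.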