[Plus Emulator] Bot Speech Exploit Fix
[QUOTE="NO4H, post: 421905, member: 73063"]
Hi devbest,

I recently came across an "exploit" that allows users to bypass the bad HTML filter on bot speech setup.

Normally, for example, <font size="200"> and </font> would be blocked, but by simply using <FONT SIZE="200"> and </FONT> in capitals, you can bypass the filter. I also believe you can work around it with other variations too like "FoNT" or "fOnT" - but I do not remember. 200 is not the font size limit, you can make it go much higher and take up the whole screen. I have not tested this with a lot of other HTML, but I'm sure this could be used to do much more malicious things.

It is shown here:
[SPOILER="Image"][IMG]https://image.prntscr.com/image/ZJLYy7V7QX_h5oRX5iIuhg.png[/IMG][/SPOILER]

Here's the fix which completely removes any form of string upon saving bot speeches.

Go to SaveBotActionEvent.cs and find:
[CODE]
for (int i = 0; i <= SpeechData.Length - 1; i++)
{
    using (IQueryAdapter dbClient = DatabaseManager.GetQueryReactor())
[/CODE]
Replace that with:
[CODE]
for (int i = 0; i <= SpeechData.Length - 1; i++)
{
    // Regex lives in System.Text.RegularExpressions; add the using directive if the file lacks it.
    // Remove every <...> sequence from the speech line before it is saved.
    SpeechData[i] = Regex.Replace(SpeechData[i], "<(.|\\n)*?>", string.Empty);
    using (IQueryAdapter dbClient = DatabaseManager.GetQueryReactor())
[/CODE]

[B]Happy days.[/B]
[/QUOTE]
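The difference between the two approaches in the post above, as an added example that is not part of NO4H's post or the Plus Emulator source. The post does not show the original filter, so the `Blocked` list and `Rejects` helper are hypothetical stand-ins for a tag blocklist; only the `Regex.Replace` call is taken from the post, and all sample inputs are constructed.

```csharp
using System;
using System.Text.RegularExpressions;

static class BotSpeechFilterDemo
{
    // Hypothetical stand-in for the original filter, which the post does not show.
    static readonly string[] Blocked = { "<font", "</font>" };

    // Blocklist check; Ordinal reproduces the case-sensitive behaviour described.
    static bool Rejects(string speech, StringComparison cmp)
    {
        foreach (string bad in Blocked)
            if (speech.IndexOf(bad, cmp) >= 0) return true;
        return false;
    }

    // The replacement from the post: remove anything shaped like <...>.
    static string StripTags(string speech) =>
        Regex.Replace(speech, "<(.|\\n)*?>", string.Empty);

    static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "<font size=\"200\">hi</font>",
            "<FONT SIZE=\"200\">hi</FONT>",
            "<FoNT SIZE=\"200\">hi</fOnT>",
            "<FONT\nSIZE=\"200\">hi</FONT>",  // tag split across lines
            "<b>hi</b>",                       // tag missing from the blocklist
            "plain greeting",
        };

        foreach (string s in samples)
        {
            bool exact = Rejects(s, StringComparison.Ordinal);
            bool anyCase = Rejects(s, StringComparison.OrdinalIgnoreCase);
            Console.WriteLine("input            : " + s.Replace("\n", "\\n"));
            Console.WriteLine("blocklist exact  : " + (exact ? "rejected" : "accepted"));
            Console.WriteLine("blocklist anycase: " + (anyCase ? "rejected" : "accepted"));
            Console.WriteLine("strip all tags   : " + StripTags(s));
            Console.WriteLine();
        }
    }
}
```

The case-sensitive blocklist accepts every capitalised variant, a case-insensitive one still accepts tags it does not list, and the regex from the post reduces each tagged sample to `hi` regardless of case or line breaks.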