SWIFT EXPLOIT ALERT!

[Rama]

It was discovered a flaw in SQL Injection and butterstrom that possible to use sql commands within the Client.
It works like this:
And one must type the command sql injection option in the navigator 'search'
Immediately following type the following command: >>> owner:'; DROP TABLE users; <<

Does anyone know how to fix this? I'm using the latest version of swift emulator. (I think!)

(Screenie of exploit taking place is on this thread as attactched files)

 

[Sledmore]

There was a fix released for this months ago.

Open up the emulator.
Search for the following:

internal ServerMessage SerializeSearchResults(string SearchQuery)

Replace that void with the following:

internal ServerMessage SerializeSearchResults(string SearchQuery)
        {
            DataTable Data = new DataTable();
            using (IQueryAdapter dbClient = ButterflyEnvironment.GetDatabaseManager().getQueryreactor())
            {
                if (SearchQuery.Length > 0)
                {
                    if (SearchQuery.Contains("owner:"))
                    {
                        string[] splitSearch = SearchQuery.Split(':');
                        dbClient.setQuery("SELECT rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE owner = @query AND roomtype = 'private' " + "ORDER BY active_users DESC LIMIT 50");
                        dbClient.addParameter("query", splitSearch[1]);
                        Data = dbClient.getTable();
                    }
                    else
                    {
                        dbClient.setQuery("SELECT rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE owner = @query AND roomtype = 'private' " +
                                    "UNION ALL " + "SELECT rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE caption = @query AND roomtype = 'private' " + "ORDER BY active_users DESC LIMIT 50");
                        dbClient.addParameter("query", SearchQuery);
                        Data = dbClient.getTable();
                    }
                }
            }
            List<RoomData> list = new List<RoomData>();
            if (Data != null)
            {
                foreach (DataRow row in Data.Rows)
                {
                    RoomData item = ButterflyEnvironment.GetGame().GetRoomManager().FetchRoomData(Convert.ToUInt32(row["id"]), row);
                    list.Add(item);
                }
            }
            ServerMessage message = new ServerMessage(Outgoing.NavigatorPacket);
            message.AppendInt32(8);
            message.AppendString(SearchQuery);
            message.AppendInt32(list.Count);
            foreach (RoomData data2 in list)
            {
                data2.Serialize(message, false);
            }
            message.AppendBoolean(false);
            return message;
        }

And debug the emulator.

 

[BrianRetros]

It been Released before on a Forum cause i used it on my old retro

 

[Marko97]

I have been fixed this bug

 

[Sledmore]

I have been fixed this bug

Please do not bump threads. Also the second post in this thread (by me), has a public fix. Don't comment to just inform others you have something they do not.