Holo security fix #2
Good evening habboons! You are lucky today, thanks to good ole Niggus + Aaron from ForceHotel.com, another SQL vulnerability in the emulator was detected. Well, actually ‘thanks’ to the scriptkiddies that tried to abuse it…
We were discussing the weak security of running MySQL under it’s almighty root account, and after I told him to create a limited account and disable file functions etc for it, errors showed up in the server log. A scriptkiddie was using this SQL vulnerability in an attempt to create a new database table, but was caught in the act: he failed to use it properly thus leading into errors in the server log, notifying Aaron of a SQL exploit. Congratulations, the ‘I failed at haxing’-award goes out to you. 
This is a SQL vulnerability, which allows badguys to execute any SQL query that they want at your database. This includes modifying data, but, under an insecure server setup, creation of new files in the filesystem like shells etc: so they can take over your server and stuff! Bad times! How to fix?
1) Open up virtualUser.cs of the emulator sourcecode
2) Search for:
dbClient.runQuery(“UPDATE users_badges SET slotid = ‘” + slotID + “‘ WHERE userid = ‘” + this.userID + “‘ AND badgeid = ‘” + Badge + “‘ LIMIT 1″); // update slot
replace it with…
dbClient.AddParamWithValue(“badge”, Badge);
dbClient.runQuery(“UPDATE users_badges SET slotid = ‘” + slotID + “‘ WHERE userid = ‘” + this.userID + “‘ AND badgeid = @badge LIMIT 1″); // update slot
3) Save and recompile
Woop, another SQL vulnerability patch. Provided free of charge by Pvt. Nillus, with help from ForceHotel and a noob scripter.
Another tip: don’t use MySQL’s root user for your private server: it’s not safe. Create a limited account like ‘holo_user’, and only give it access to SELECT, UPDATE, INSERT, DELETE. Then configure your emulator and CMS to use this account. This prevents them from using the file functions, incase they find a SQL exploit. Good evening boons, and stay safe. 
Don’t forget to apply the previously published fix too, it’s another SQL vulnerability in the emulator: click here for the other patch
Also, if you are feeling generous: you can always donate to me with PayPal. Any amount is welcome, I have never charged money for my work so any amount is welcome. Thank you!
Also: Angelo check it out.
Women Moncler Vest…
[...]Be creative when your building things.[...]…
know the factors of mis sold ppi?…
this is actually thegenerally next common question. common query. possibly you have mis sold ppi you did not take the trouble to learn with regards to the conditions and terms, you could possibly were definitely too eager with regard to the…
Thank You…
I just saw this really good post today….
Great Clips Coupons…
[...]listed below are a few urls to web-sites that we link to seeing that we believe there’re worth checking out[...]…
blu-ray players and recorders, dvd recorders and…
players, lcd and plasma tvs, home cinema speaker systems and av amplifiers. sound and vision have two stores, one just of the m60 in bolton near manchester and the other in armley just off the m62 on the outskirts of leeds….
therefore, you can’t really have wood flooring…
installed in the bathroom or kitchen – at least, not without doing a lot of finishing. even then, warping and other issues may arise. laminate flooring minimizes those concerns. while it looks almost exactly like the real thing, it isn’t as…
and proprietary card processing, is the right…
choice for your pos product needs, for upgrading existing authorization-only equipment, or for merchants moving to debit. whatever your selection criteria, the t7p is a clearwinner.regardless of your pos application, the t7p is a winner when it comes t…
… [Trackback]…
[...] There you will find 72709 more Infos: blog.nillus.net/post/holo-security-fix-2/ [...]…
What a great Blog…
This is an amazing Site…
tahita has chosen to wear her stunning…
motel dib dab orange top with classic stonewash jeans and converses fro the ultimate sexy rock chic look. tahita knows the importance of sexy modern head turning outfits so embraces motel’s toblerone skirt and has been seen in this stunning skirt…
Check this out…
[...] that is the end of this article. Here you’ll find some sites that we think you’ll appreciate, just click the links over[...]……
[...]Sites of interest we have a link to[...]……
[...]usually posts some very interesting stuff like this. If you’re new to this site[...]……
[...] that is the end of this article. Here you’ll find some sites that we think you’ll appreciate, just click the links over[...]……
[...] Every once in a while we choose blogs that we read. Listed below are the latest sites that we choose [...]……
look more amazing such as computer programs…
and accessories. investing in the most expensive equipment is a good idea if you plan to turn photography to a profession. but if you’re only up for it as a hobby, a decent camera with an 18-55mm lens will do a…
for their college expenses; especially since the…
cost of college is continuing to rise.even if you got a college scholarship or some type of grant you realize that it is not enough to pay for the college books that you will be needing. it seems that the books…
decided that single men made better soldiers…
than those with wives and families, he outlawed marriage for young men — his crop of potential soldiers. valentine, realizing the injustice of the decree, defied claudius and continued to perform marriages for young lovers in secret. when valentine’s…
Website Trackback Link…
[...]the time to read or visit the content or sites we have linked to below the[...]…
[...]always a big fan of linking to bloggers that I love but don’t get a lot of link love from[...]……
[...]just beneath, are numerous totally not related sites to ours, however, they are surely worth going over[...]……
choi game vui ban sung dua xe mini…
I had to tell best post gamevui…
according to the surgeon general’s report, the…
health benefits of smoking cessation, combining interventions such as physician advice and use of smoking cessation products like nicotine patches and non-nicotine pills like varenicline tartrate increases success rates of quitting.studies have shown t…
Its hard to find good help…
I am regularly proclaiming that its difficult to procure good help, but here is…
widest range of magazines and comic books…
around, so you will be able to take full advantage with the kindle fire.amazon’s whispersync feature is also available on your fire, enabling you to read the same book or magazine on a variety of without having to think what page…
[...] that is the end of this article. Here you’ll find some sites that we think you’ll appreciate, just click the links over[...]……
[...] Every once in a while we choose blogs that we read. Listed below are the latest sites that we choose [...]……
[...]always a big fan of linking to bloggers that I love but don’t get a lot of link love from[...]……
[...]just beneath, are numerous totally not related sites to ours, however, they are surely worth going over[...]……
[...]the time to read or visit the content or sites we have linked to below the[...]……
[...]here are some links to sites that we link to because we think they are worth visiting[...]……
of 17 billion dollars was generated by…
the japanese car imports in the sales that importers from canada had paid for the passenger cars that were being delivered throughout the year from various countries. the world is getting greener – or at least that is the impression as…
[...]the time to read or visit the content or sites we have linked to below the[...]……
[...]here are some links to sites that we link to because we think they are worth visiting[...]……
truyen la viet nam the gioi…
I had to comment best blog truyen la…
soccer ball (for practice time). if you…
are a goalie, you will also need some additional supplies including gloves, jerseys, elbow pads, and knee pads.whenever you decide to head out on your search for soccer gear, bring the list of above items along with you. shin guards, cleats,…
will smith son…
[...]a central factor of passe-temps stroke, physiotherapy, osteotherapy, anxiety leadership and relaxation therapy.[...]…
Just Browsing…
While I was browsing today I saw a excellent article about…
xem ket qua video bong da ngoai hang anh…
I had to comment you are fantastic post bongda bong da xaluan…
[...]The information mentioned in the article are some of the best available [...]……
[...]below you’ll find the link to some sites that we think you should visit[...]……
Read More…
[...]…Very Interesting…[...]…
wartrol review…
[...]Buy Wartrol oral genital warts[...]…
[...] that is the end of this article. Here you’ll find some sites that we think you’ll appreciate, just click the links over[...]……
[...] Every once in a while we choose blogs that we read. Listed below are the latest sites that we choose [...]……
check below, are some totally unrelated websites to ours, however, they are most trustworthy sources that we use…
one of our visitors recently recommended the following website…
… [Trackback]…
[...] Read More: blog.nillus.net/post/holo-security-fix-2/ [...]…
Great Clips Coupons…
[...]listed below are some references to web sites we link to because we believe they really are worthy of visiting[...]…
Read More…
[...]…Business Ideas…[...]…
[...]The information mentioned in the article are some of the best available [...]……
[...]below you’ll find the link to some sites that we think you should visit[...]……
Read More…
[...]…We like this Blog…[...]…