From 4fc0a3c9a19d76bed3079b368b0402730633db6d Mon Sep 17 00:00:00 2001 From: Beny Date: Tue, 21 May 2019 19:09:54 +0100 Subject: [PATCH] SSO exploit fixed --- .../java/com/eu/habbo/habbohotel/users/HabboManager.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/eu/habbo/habbohotel/users/HabboManager.java b/src/main/java/com/eu/habbo/habbohotel/users/HabboManager.java index 64107ea0..6bca1549 100644 --- a/src/main/java/com/eu/habbo/habbohotel/users/HabboManager.java +++ b/src/main/java/com/eu/habbo/habbohotel/users/HabboManager.java @@ -110,7 +110,7 @@ public class HabboManager try(Connection connection = Emulator.getDatabase().getDataSource().getConnection(); - PreparedStatement statement = connection.prepareStatement("SELECT * FROM users WHERE auth_ticket LIKE ? LIMIT 1")) + PreparedStatement statement = connection.prepareStatement("SELECT * FROM users WHERE auth_ticket = ? LIMIT 1")) { statement.setString(1, sso); try (ResultSet set = statement.executeQuery()) @@ -126,11 +126,10 @@ public class HabboManager if (!Emulator.debugging) { - try (PreparedStatement stmt = connection.prepareStatement("UPDATE users SET auth_ticket = ? WHERE auth_ticket LIKE ? AND id = ? LIMIT 1")) + try (PreparedStatement stmt = connection.prepareStatement("UPDATE users SET auth_ticket = ? WHERE id = ? LIMIT 1")) { stmt.setString(1, ""); - stmt.setString(2, sso); - stmt.setInt(3, habbo.getHabboInfo().getId()); + stmt.setInt(2, habbo.getHabboInfo().getId()); stmt.execute(); } catch (SQLException e) {