nitro/Arcturus-Community
1
0
Fork 0
mirror of https://git.krews.org/morningstar/Arcturus-Community.git synced 2024-11-27 00:40:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

SSO exploit fixed

Browse Source
This commit is contained in:
Beny 2019-05-21 19:09:54 +01:00
parent cde96d3ed7
commit 4fc0a3c9a1
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/main/java/com/eu/habbo/habbohotel/users/HabboManager.java
View File

@ -110,7 +110,7 @@ public class HabboManager
try(Connection connection = Emulator.getDatabase().getDataSource().getConnection(); try(Connection connection = Emulator.getDatabase().getDataSource().getConnection();
PreparedStatement statement = connection.prepareStatement("SELECT * FROM users WHERE auth_ticket LIKE ? LIMIT 1")) PreparedStatement statement = connection.prepareStatement("SELECT * FROM users WHERE auth_ticket = ? LIMIT 1"))
{ {
statement.setString(1, sso); statement.setString(1, sso);
try (ResultSet set = statement.executeQuery()) try (ResultSet set = statement.executeQuery())
@ -126,11 +126,10 @@ public class HabboManager
if (!Emulator.debugging) if (!Emulator.debugging)
{ {
try (PreparedStatement stmt = connection.prepareStatement("UPDATE users SET auth_ticket = ? WHERE auth_ticket LIKE ? AND id = ? LIMIT 1")) try (PreparedStatement stmt = connection.prepareStatement("UPDATE users SET auth_ticket = ? WHERE id = ? LIMIT 1"))
{ {
stmt.setString(1, ""); stmt.setString(1, "");
stmt.setString(2, sso); stmt.setInt(2, habbo.getHabboInfo().getId());
stmt.setInt(3, habbo.getHabboInfo().getId());
stmt.execute(); stmt.execute();
} catch (SQLException e) } catch (SQLException e)
{ {