mirror of
https://git.krews.org/morningstar/Arcturus-Community.git
synced 2024-11-30 09:50:51 +01:00
SSO exploit fixed
This commit is contained in:
parent
cde96d3ed7
commit
4fc0a3c9a1
@ -110,7 +110,7 @@ public class HabboManager
|
|||||||
|
|
||||||
|
|
||||||
try(Connection connection = Emulator.getDatabase().getDataSource().getConnection();
|
try(Connection connection = Emulator.getDatabase().getDataSource().getConnection();
|
||||||
PreparedStatement statement = connection.prepareStatement("SELECT * FROM users WHERE auth_ticket LIKE ? LIMIT 1"))
|
PreparedStatement statement = connection.prepareStatement("SELECT * FROM users WHERE auth_ticket = ? LIMIT 1"))
|
||||||
{
|
{
|
||||||
statement.setString(1, sso);
|
statement.setString(1, sso);
|
||||||
try (ResultSet set = statement.executeQuery())
|
try (ResultSet set = statement.executeQuery())
|
||||||
@ -126,11 +126,10 @@ public class HabboManager
|
|||||||
|
|
||||||
if (!Emulator.debugging)
|
if (!Emulator.debugging)
|
||||||
{
|
{
|
||||||
try (PreparedStatement stmt = connection.prepareStatement("UPDATE users SET auth_ticket = ? WHERE auth_ticket LIKE ? AND id = ? LIMIT 1"))
|
try (PreparedStatement stmt = connection.prepareStatement("UPDATE users SET auth_ticket = ? WHERE id = ? LIMIT 1"))
|
||||||
{
|
{
|
||||||
stmt.setString(1, "");
|
stmt.setString(1, "");
|
||||||
stmt.setString(2, sso);
|
stmt.setInt(2, habbo.getHabboInfo().getId());
|
||||||
stmt.setInt(3, habbo.getHabboInfo().getId());
|
|
||||||
stmt.execute();
|
stmt.execute();
|
||||||
} catch (SQLException e)
|
} catch (SQLException e)
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user