SSO exploit fixed

This commit is contained in:
Beny 2019-05-21 19:09:54 +01:00
parent cde96d3ed7
commit 4fc0a3c9a1

View File

@ -110,7 +110,7 @@ public class HabboManager
try(Connection connection = Emulator.getDatabase().getDataSource().getConnection();
PreparedStatement statement = connection.prepareStatement("SELECT * FROM users WHERE auth_ticket LIKE ? LIMIT 1"))
PreparedStatement statement = connection.prepareStatement("SELECT * FROM users WHERE auth_ticket = ? LIMIT 1"))
{
statement.setString(1, sso);
try (ResultSet set = statement.executeQuery())
@ -126,11 +126,10 @@ public class HabboManager
if (!Emulator.debugging)
{
try (PreparedStatement stmt = connection.prepareStatement("UPDATE users SET auth_ticket = ? WHERE auth_ticket LIKE ? AND id = ? LIMIT 1"))
try (PreparedStatement stmt = connection.prepareStatement("UPDATE users SET auth_ticket = ? WHERE id = ? LIMIT 1"))
{
stmt.setString(1, "");
stmt.setString(2, sso);
stmt.setInt(3, habbo.getHabboInfo().getId());
stmt.setInt(2, habbo.getHabboInfo().getId());
stmt.execute();
} catch (SQLException e)
{