Merge branch 'swf-exploit-fix' into 'master'
Swf exploit fix See merge request official-plugins/apollyon!7
commit
3762dc3ad3
@ -1,27 +1,31 @@
|
|||||||
package org.krews.apollyon.ftp;
|
package org.krews.apollyon.ftp;
|
||||||
|
|
||||||
import com.eu.habbo.Emulator;
|
import com.eu.habbo.Emulator;
|
||||||
|
import org.krews.apollyon.utils.PngSignatureChecker;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.net.URLConnection;
|
import java.net.URLConnection;
|
||||||
import java.net.URLEncoder;
|
import java.net.URLEncoder;
|
||||||
|
import java.util.Arrays;
|
||||||
|
|
||||||
public class FTPUploadService {
|
public class FTPUploadService {
|
||||||
private static final String ftpUrl = "ftp://%s:%s@%s/%s;type=i";
|
private static final String ftpUrl = "ftp://%s:%s@%s/%s;type=i";
|
||||||
|
|
||||||
public static void uploadImage(byte[] image, String uploadPath) throws IOException{
|
public static void uploadImage(byte[] image, String uploadPath) throws IOException {
|
||||||
String host = Emulator.getConfig().getValue("ftp.host");
|
if (PngSignatureChecker.isPngFile(image)) {
|
||||||
String user = Emulator.getConfig().getValue("ftp.user");
|
String host = Emulator.getConfig().getValue("ftp.host");
|
||||||
String pass = Emulator.getConfig().getValue("ftp.password");
|
String user = Emulator.getConfig().getValue("ftp.user");
|
||||||
|
String pass = Emulator.getConfig().getValue("ftp.password");
|
||||||
|
|
||||||
String uploadURL = String.format(ftpUrl, URLEncoder.encode(user, "UTF-8"), URLEncoder.encode(pass, "UTF-8"), host, uploadPath);
|
String uploadURL = String.format(ftpUrl, URLEncoder.encode(user, "UTF-8"), URLEncoder.encode(pass, "UTF-8"), host, uploadPath);
|
||||||
|
|
||||||
URL url = new URL(uploadURL);
|
URL url = new URL(uploadURL);
|
||||||
URLConnection conn = url.openConnection();
|
URLConnection conn = url.openConnection();
|
||||||
OutputStream outputStream = conn.getOutputStream();
|
OutputStream outputStream = conn.getOutputStream();
|
||||||
outputStream.write(image, 0, image.length);
|
outputStream.write(image, 0, image.length);
|
||||||
outputStream.close();
|
outputStream.close();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
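Review bot: When `PngSignatureChecker.isPngFile(image)` is false, `uploadImage` returns normally without uploading anything, so a caller cannot tell a rejected payload from a completed upload. An `else` branch with `throw new IOException("refusing to upload non-PNG data");` would surface the rejection through the exception type the method already declares. Separately, `outputStream.close()` is skipped if `write` throws; `try (OutputStream outputStream = conn.getOutputStream()) { outputStream.write(image); }` closes the stream on every path. `uploadPath` is formatted into the FTP URL without encoding, unlike `user` and `pass`, so it is worth confirming that no caller builds it from client-supplied text.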
||||||
|
@ -1,21 +1,19 @@
|
|||||||
package org.krews.apollyon.incoming;
|
package org.krews.apollyon.incoming;
|
||||||
|
|
||||||
import com.eu.habbo.Emulator;
|
import com.eu.habbo.Emulator;
|
||||||
import com.eu.habbo.habbohotel.catalog.CatalogManager;
|
|
||||||
import com.eu.habbo.habbohotel.rooms.Room;
|
import com.eu.habbo.habbohotel.rooms.Room;
|
||||||
import com.eu.habbo.messages.incoming.MessageHandler;
|
import com.eu.habbo.messages.incoming.MessageHandler;
|
||||||
import com.eu.habbo.messages.outgoing.camera.CameraURLComposer;
|
import com.eu.habbo.messages.outgoing.camera.CameraURLComposer;
|
||||||
import com.eu.habbo.messages.outgoing.generic.alerts.GenericAlertComposer;
|
import com.eu.habbo.messages.outgoing.generic.alerts.GenericAlertComposer;
|
||||||
import io.netty.buffer.ByteBuf;
|
import io.netty.buffer.ByteBuf;
|
||||||
import io.netty.buffer.ByteBufInputStream;
|
import io.netty.buffer.ByteBufInputStream;
|
||||||
import javafx.scene.Camera;
|
|
||||||
import org.krews.apollyon.ftp.FTPUploadService;
|
import org.krews.apollyon.ftp.FTPUploadService;
|
||||||
|
import org.krews.apollyon.utils.PngSignatureChecker;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
import javax.imageio.ImageIO;
|
import javax.imageio.ImageIO;
|
||||||
import java.awt.image.BufferedImage;
|
import java.awt.image.BufferedImage;
|
||||||
import java.awt.image.DataBufferByte;
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.lang.IllegalArgumentException;
|
import java.lang.IllegalArgumentException;
|
||||||
@ -26,23 +24,28 @@ public class CameraRoomPictureEvent extends MessageHandler {
|
|||||||
@Override
|
@Override
|
||||||
public void handle() {
|
public void handle() {
|
||||||
if (!this.client.getHabbo().hasPermission("acc_camera")) {
|
if (!this.client.getHabbo().hasPermission("acc_camera")) {
|
||||||
this.client.sendResponse(new GenericAlertComposer(Emulator.getTexts().getValue("camera.permission")));
|
this.client.sendResponse(new GenericAlertComposer(Emulator.getTexts().getValue("camera.permission")));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
Room room = this.client.getHabbo().getHabboInfo().getCurrentRoom();
|
Room room = this.client.getHabbo().getHabboInfo().getCurrentRoom();
|
||||||
|
|
||||||
if (room == null)
|
if (room == null)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
final int count = this.packet.readInt();
|
final int count = this.packet.readInt();
|
||||||
|
|
||||||
ByteBuf image = this.packet.getBuffer().readBytes(count);
|
ByteBuf image = this.packet.getBuffer().readBytes(count);
|
||||||
|
ByteBuf imageCopy = image.copy();
|
||||||
|
|
||||||
if (image == null)
|
if (image == null)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
byte[] imageBytes = new byte[image.readableBytes()];
|
||||||
|
image.readBytes(imageBytes);
|
||||||
|
|
||||||
|
if (PngSignatureChecker.isPngFile(imageBytes)) {
|
||||||
this.packet.readString();
|
this.packet.readString();
|
||||||
this.packet.readString();
|
this.packet.readString();
|
||||||
this.packet.readInt();
|
this.packet.readInt();
|
||||||
@ -61,14 +64,11 @@ public class CameraRoomPictureEvent extends MessageHandler {
|
|||||||
lol.lastRanTimestamps.put(this.client.getHabbo(), Emulator.getIntUnixTimestamp());
|
lol.lastRanTimestamps.put(this.client.getHabbo(), Emulator.getIntUnixTimestamp());
|
||||||
|
|
||||||
try {
|
try {
|
||||||
if(Emulator.getConfig().getInt("ftp.enabled") == 1) {
|
if (Emulator.getConfig().getInt("ftp.enabled") == 1) {
|
||||||
byte[] imageBytes = new byte[image.readableBytes()];
|
|
||||||
image.readBytes(imageBytes);
|
|
||||||
FTPUploadService.uploadImage(imageBytes, Emulator.getConfig().getValue("imager.location.output.camera") + URL);
|
FTPUploadService.uploadImage(imageBytes, Emulator.getConfig().getValue("imager.location.output.camera") + URL);
|
||||||
FTPUploadService.uploadImage(imageBytes, Emulator.getConfig().getValue("imager.location.output.camera") + URL_small);
|
FTPUploadService.uploadImage(imageBytes, Emulator.getConfig().getValue("imager.location.output.camera") + URL_small);
|
||||||
}
|
} else {
|
||||||
else {
|
BufferedImage theImage = ImageIO.read(new ByteBufInputStream(imageCopy));
|
||||||
BufferedImage theImage = ImageIO.read(new ByteBufInputStream(image));
|
|
||||||
ImageIO.write(theImage, "png", new File(Emulator.getConfig().getValue("imager.location.output.camera") + URL));
|
ImageIO.write(theImage, "png", new File(Emulator.getConfig().getValue("imager.location.output.camera") + URL));
|
||||||
ImageIO.write(theImage, "png", new File(Emulator.getConfig().getValue("imager.location.output.camera") + URL_small));
|
ImageIO.write(theImage, "png", new File(Emulator.getConfig().getValue("imager.location.output.camera") + URL_small));
|
||||||
}
|
}
|
||||||
@ -80,8 +80,9 @@ public class CameraRoomPictureEvent extends MessageHandler {
|
|||||||
}
|
}
|
||||||
|
|
||||||
this.client.sendResponse(new CameraURLComposer(URL));
|
this.client.sendResponse(new CameraURLComposer(URL));
|
||||||
} finally {
|
|
||||||
image.release();
|
|
||||||
}
|
}
|
||||||
|
} finally {
|
||||||
|
image.release();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
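Review bot: `imageCopy`, created by `image.copy()` right after the packet read, is never released in the visible hunks: the relocated `finally` still calls only `image.release()`, and `new ByteBufInputStream(imageCopy)` does not release its buffer unless asked to. A copy carries its own reference count, so each camera request would leak one buffer, including requests on the FTP path where the copy is not used at all. Since `imageBytes` is now filled before the branch, the file path could decode from it with `BufferedImage theImage = ImageIO.read(new ByteArrayInputStream(imageBytes));` and the copy could be dropped. The `if (image == null)` test now sits after `image.copy()` and no longer guards anything. `count` comes straight from the packet and is passed to `readBytes(count)` with no upper bound visible here, although parts of `handle()` lie outside the hunks.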
||||||
|
@ -0,0 +1,20 @@
|
|||||||
|
package org.krews.apollyon.utils;
|
||||||
|
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
|
||||||
|
public class PngSignatureChecker {
|
||||||
|
private static final Logger LOGGER = LoggerFactory.getLogger(PngSignatureChecker.class);
|
||||||
|
private static byte[] signature = new byte[] { -119, 80, 78, 71, 13, 10, 26, 10 };
|
||||||
|
|
||||||
|
public static boolean isPngFile(byte[] file) {
|
||||||
|
if (Arrays.equals(Arrays.copyOfRange(file, 0, 8), signature)) {
|
||||||
|
return true;
|
||||||
|
} else {
|
||||||
|
LOGGER.warn("[Apollyon] Someone tried to exploit the camera by uploading a malicious file!");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
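Review bot: `isPngFile` establishes only that the first eight bytes equal the PNG signature, so data with a valid header and arbitrary content after it is accepted. On the FTP path in `CameraRoomPictureEvent` those bytes are then uploaded exactly as received, whereas the local-file path decodes and re-encodes through `ImageIO`; decoding with `ImageIO.read` and uploading the re-encoded PNG would give both paths the same guarantee. The field should be `private static final byte[] SIGNATURE`, and a `null` argument currently throws from `Arrays.copyOfRange`, which `file != null && file.length >= 8` ahead of the comparison would cover. The warning carries no account or session context, so the caller, which has the client at hand, is the better place to log the rejection for triage.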