Well, as you may know, a lot of hotels have been attacked in the last few days.
I made a fast (because of the urgency) fix for it. I'm not a pro, and I really hope somebody better than me makes one (or at least a better filter).

First of all, go to your ButterflyEnvironment.cs, and below
Code:
    internal static class ButterflyEnvironment
    {
insert:
Code:
    // Requires "using System.Collections.Generic;" at the top of the file.
    // Replaces the whole string with *bobba* if it contains a blacklisted word.
    public static string DeletePossiblyTreat(string PopFixedString)
    {
        List<string> blackwords = new List<string>();
        blackwords.Add("DROP TABLE");
        blackwords.Add("rank=");
        blackwords.Add("TRUNCATE");
        blackwords.Add("DELETE FROM");
        blackwords.Add("SELECT (");
        blackwords.Add("SELECT *");
        blackwords.Add("INSERT INTO");
        blackwords.Add("UPDATE");
        blackwords.Add("CREATE");
        blackwords.Add("RENAME");
        foreach (string cont in blackwords)
        {
            // Case-insensitive substring match
            if (PopFixedString.ToLower().Contains(cont.ToLower()))
            {
                PopFixedString = "*bobba*";
            }
        }
        return PopFixedString;
    }

Now go to Messages/ClientMessage.cs.
Search for internal string PopFixedString() and replace it with:
Code:
    internal string PopFixedString()
    {
        return ButterflyEnvironment.DeletePossiblyTreat(this.PopFixedString(ButterflyEnvironment.GetDefaultEncoding()));
    }

Then search for internal string PopFixedString(Encoding encoding) and replace it with:
Code:
    internal string PopFixedString(Encoding encoding)
    {
        return ButterflyEnvironment.DeletePossiblyTreat(encoding.GetString(this.ReadFixedValue()));
    }

That will prevent any kind of SQL Injection, but will have some problems... That is why I would like somebody to make it better. The filter ISN'T perfect, because if you say TRUNCATE, for example, it will be replaced with *bobba*.
Consider it a temporary fix.
Cheers,
Droppy
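
An alternative to the word filter in the post above, as an added example that is not part of the original post or of the emulator's code: a parameterized query keeps user text out of the SQL string entirely, so nothing has to be replaced with *bobba*. It assumes the MySql.Data package; the `users` table, the `motto` column and the helper name `BuildMottoUpdate` are hypothetical.

```csharp
// Added example, not the emulator's own code.
// Assumes the MySql.Data package; table, column and helper names are hypothetical.
using System;
using MySql.Data.MySqlClient;

static class ParameterizedQueryExample
{
    // The SQL text is a constant. The user-supplied motto travels as a
    // parameter value, so the server never parses it as SQL.
    internal static MySqlCommand BuildMottoUpdate(MySqlConnection conn, uint userId, string motto)
    {
        var cmd = new MySqlCommand(
            "UPDATE users SET motto = @motto WHERE id = @id", conn);
        cmd.Parameters.AddWithValue("@motto", motto);
        cmd.Parameters.AddWithValue("@id", userId);
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs: ordinary text that the word filter would
        // turn into *bobba*, and ordinary text containing an apostrophe.
        string[] samples = { "Please UPDATE me on the event", "it's my room" };

        foreach (string motto in samples)
        {
            // No connection is needed just to build and inspect the command.
            using (MySqlCommand cmd = BuildMottoUpdate(null, 1, motto))
            {
                // The command text is identical for every input.
                Console.WriteLine(cmd.CommandText);
                // The user's text is carried verbatim as data.
                Console.WriteLine(cmd.Parameters["@motto"].Value);
            }
        }
        // With an open MySqlConnection passed in place of null:
        // cmd.ExecuteNonQuery();
    }
}
```

Every query that takes a value read through PopFixedString would need the same treatment at the point where the SQL is built, rather than at the point where the packet is parsed.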