No, the title is not clickbait. USA111-based emulators are catastrophically insecure with an absolutely ridiculous amount of 0days.
Any .txt file or even entire folders can be deleted, without ever even creating an account. There are also multiple denial-of-service exploits. These bypass even IP bans.
Also, slightly unrelated, but if you used that "leaked" Debbo "v3.5" source code... you may also want to search for "expl". It's just a v3 source with an added backdoor.
Now let's get down to actually patching our USA111-based emulators, since I really do love these old emulators and would love to see continued development.
Patching unauthenticated exploits:
To prevent the unauthenticated packet abuse, just add this in frmMain before the Select Case:
Code:
' Unauthenticated clients (no name and no user number yet) may only send the
' handful of pre-login packet headers listed below; anything else is discarded.
If Client(Index).Name = "" And Client(Index).Num = 0 Then
    Select Case FindIt
        Case "CD", "CJ", "@D", "@k", "@j", "CK", "CN"
            ' allowed before login: fall through to the main Select Case
        Case Else: GoTo fuckyomom   ' label in frmMain that abandons processing of this packet
    End Select
End If
Fixing some packet parser vulnerabilities:
Find:
Code:
reloop:
    ReDim Preserve ToDo(Offset) As String
    TheNum = Decode(Mid(info, 1, 3))            ' length prefix is trusted as-is
    ToDo(Offset) = Mid(info, 4, TheNum)         ' a negative TheNum raises runtime error 5
    info = Right(info, Len(info) - TheNum - 3)  ' an oversized TheNum makes this length negative -> error 5
    Offset = Offset + 1
    If Len(info) >= 1 Then GoTo reloop          ' keeps looping even with fewer than 3 chars left
Replace with:
Code:
Dim MaxP As Integer: MaxP = 0       ' parameters parsed from this packet so far
reloop:
    If Len(info) < 3 Then GoTo doneloop                ' not enough left for a length prefix
    ReDim Preserve ToDo(Offset) As String
    TheNum = Decode(Mid(info, 1, 3))
    If TheNum < 1 Or TheNum > 4096 Then GoTo doneloop  ' reject empty or absurd lengths
    If TheNum > Len(info) - 3 Then GoTo doneloop       ' reject lengths that run past the data
    ToDo(Offset) = Mid(info, 4, TheNum)
    info = Right(info, Len(info) - TheNum - 3)
    Offset = Offset + 1
    MaxP = MaxP + 1
    If MaxP > 20 Then GoTo doneloop                    ' cap the number of parameters per packet
    If Len(info) >= 3 Then GoTo reloop
doneloop:
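To see why those four checks matter, here is a Python model of both loops above (an added example, not code from the original post or the emulator). The page does not show the emulator's Decode(), so decode_len() is an assumed stand-in that reads the 3-character prefix as big-endian base-64 digits (chr(64 + d)); the test packets are constructed with its inverse.

```python
MAX_PARAM_LEN = 4096   # TheNum upper bound from the patch
MAX_PARAMS = 20        # MaxP cap from the patch

def encode_len(n: int) -> str:
    """Inverse of decode_len(); used only to build constructed test packets."""
    return "".join(chr(64 + ((n >> shift) & 63)) for shift in (12, 6, 0))

def decode_len(prefix: str) -> int:
    """ASSUMED stand-in for the emulator's Decode(): 3 big-endian base-64 digits."""
    n = 0
    for ch in prefix:
        n = (n << 6) | ((ord(ch) - 64) & 63)
    return n

def parse_unsafe(info: str) -> list[str]:
    """Mirror of the original 'Find' loop: the length prefix is trusted blindly."""
    todo = []
    while len(info) >= 1:
        the_num = decode_len(info[:3])        # may read a 1- or 2-char stub
        if the_num > len(info) - 3:
            # VB6 Mid()/Right() raise runtime error 5 on a negative length here
            raise ValueError("malformed length prefix")
        todo.append(info[3:3 + the_num])
        info = info[3 + the_num:]
    return todo

def parse_hardened(info: str) -> list[str]:
    """Mirror of the 'Replace with' loop: every malformed input is a clean stop."""
    todo = []
    while len(info) >= 3:                      # need a complete 3-char prefix
        the_num = decode_len(info[:3])
        if the_num < 1 or the_num > MAX_PARAM_LEN:
            break                              # empty or absurd length
        if the_num > len(info) - 3:
            break                              # claims more than remains
        todo.append(info[3:3 + the_num])
        info = info[3 + the_num:]
        if len(todo) >= MAX_PARAMS:            # the VB6 patch tests MaxP after
            break                              # incrementing, so it admits 21
    return todo

def crashes(info: str) -> bool:
    """True if the original loop would raise on this packet body."""
    try:
        parse_unsafe(info)
    except ValueError:
        return True
    return False
```

A well-formed packet parses identically in both loops; a truncated trailing prefix or an oversized length claim raises in the original and simply ends parsing in the hardened one.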
Now, let's make sure that even logged-in users can't arbitrarily delete .txt files and folders.
Just enforce an IsNumeric check on all furni IDs for the "Ac" and "Bw" packet handlers (don't forget to add an ownership check).
Also add a string check for "../" in the BA packet handler.
Congratulations. You've just patched 100+ 0day exploits. I'm sure you've already patched @k yourself. I didn't specifically cover it because it's far from a 0day.
No, I will not go into further detail about the exploits. Just know that if you followed the entire guide, your emulator (and PC) is now infinitely more secure.