SA-MP Forums

Old 05/06/2016, 11:53 PM   #1
Metharon
Protection against '%' dialog vulnerability!

Example:

https://www.youtube.com/watch?v=RJ6F17EFqYc

You can fix it simply by checking the inputtext before using it, with this stock:

pawn Code:
stock CheckDialogBug(message[])
{
    new message_length = strlen(message);
    for(new i; i < message_length; i++)
    {
        if(message[i] == '%')
        {
            return 1;
        }
    }
    return 0;
}

Now you're gonna use this checking in all DIALOG_STYLE_INPUT dialogs.

Example of usage:

Code:
if(CheckDialogBug(inputtext)) return SendClientMessage(playerid, 0, "{FFFFFF}You can't use '%' in strings.");
Old 06/06/2016, 12:07 AM   #2
BlackBank
Re: Protection against '%' dialog vulnerability!

I doubt if this is a bug... How do you use the inputtext in your formats and printfs?

Because if I use a %s in any format/printf, then it just works.
My test code:
PHP Code:
public OnGameModeInit() {
    new
        message[] = "%s",
        string[128]
    ;
    format(string, sizeof(string), "%s", message);
    printf("%s", message);
    return 1;
}

UPDATE: nvm, I see now that SendClientMessageToAll doesn't like %s and any other format.
Old 06/06/2016, 12:17 AM   #3
Aliassassin123456
Re: Protection against '%' dialog vulnerability!

Metharon is right, it's a bug (when entering a %s and using it in format, it will fuck the server).
There's a filter on messages in OnPlayerText and OnPlayerCommandText; it removes % from input, and colors too!
But you can use the filter which is used on OnPlayerText and OnPlayerCommandText:
Code:
for(new i = 0, j = strlen(input); i < j; i++)
{
	if(input[i] == '%') input[i] = '#';
}
Also, you must write code to filter color embedding like {FFFFFF} (it isn't a vulnerability, but players mustn't be able to use embedded colors IMO).
Easy to write, I'll post it here soon.

Last edited by Aliassassin123456; 06/06/2016 at 04:34 PM.
Old 06/06/2016, 04:21 PM   #4
Aliassassin123456
Re: Protection against '%' dialog vulnerability!

Ok, here is the code:

Code:
// By AliAssassiN
// Code removed- sorry
Example:
Code:
new test[90];
format(test, 90, "Gitchasbdhias {dsadaksm}{{FFFFFF}} {FF00AA0} {FF00AA} ASLdM {ASdSAMk2} {ZAFFAA}QDad");
printf("Before: %s\n", test);
removeEmbeddedColor(test);
printf("After: %s\n", test);
Output:
Code:
Before: Gitchasbdhias {dsadaksm}{{FFFFFF}} {FF00AA0} {FF00AA} ASLdM {ASdSAMk2} {ZAFFAA}QDad

After: Gitchasbdhias {dsadaksm}{ FFFFFF } {FF00AA0}  FF00AA  ASLdM {ASdSAMk2} {ZAFFAA}QDad

Last edited by Aliassassin123456; 15/12/2017 at 09:46 PM.
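
The following is an added example, not code from any poster in this thread (the filter in post #4 was removed by its author). It combines the '%' replacement from post #3 with a color-tag filter that produces the "After" line shown in post #4 for that test string; `DIALOG_EXAMPLE`, `IsHexChar` and `SanitizeDialogInput` are hypothetical names.

```pawn
#include <a_samp>

#define DIALOG_EXAMPLE (1) // hypothetical dialog id, not from the thread

// Hypothetical helper: 1 if c is a hexadecimal digit, otherwise 0.
stock IsHexChar(c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
}

// Hypothetical helper: rewrites text in place and returns the number of edits.
// '%' becomes '#'; the braces of a complete {RRGGBB} tag become spaces.
stock SanitizeDialogInput(text[])
{
    new edits = 0;
    for (new i = 0, len = strlen(text); i < len; i++)
    {
        if (text[i] == '%')
        {
            text[i] = '#';
            edits++;
        }
        else if (text[i] == '{' && i + 7 < len && text[i + 7] == '}')
        {
            new j = i + 1;
            while (j < i + 7 && IsHexChar(text[j])) j++;
            if (j == i + 7) // all six characters between the braces are hex
            {
                text[i] = ' ';
                text[i + 7] = ' ';
                edits++;
                i += 7; // continue after the closing brace
            }
        }
    }
    return edits;
}

public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
    if (dialogid != DIALOG_EXAMPLE || !response) return 0;

    SanitizeDialogInput(inputtext);
    // The player's text is only ever a %s argument, never the format string.
    new line[144];
    format(line, sizeof(line), "You entered: %s", inputtext);
    SendClientMessage(playerid, -1, line);
    return 1;
}
```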