In this thread will I, togehter with my friend HippeN present some information and perhaps something entertaining too, but
to start with I want to say that we don't take any responsibility for what's happening when you use these bugs. It could be everything
from bans to a "knock-knock" visit from Sulake.

So, what is it?
This started in the Swedish hotel, since me and HippeN are from Sweden. We created a group where we let people who had a possible value
for "bug spotting" join. In the end we had a list with about 20 bugs. We took this list, about six months ago and sent it to the Swedish hotels safety
manager "VincentViga". With the list I also sent a film, showing how to use one of the bugs.

I received a letter containing a thank you where he also told me he sent it to the HQ in Finland to work on a solution to this.
Time passed, new versions came. An update for the Habbo Homes? Not a sign of it.

That's why we decided, 3-4 versions later to set a bit of pressure on Sulake and present the bugs, with instructions here at the forum.
Hopefully a solution will be presented by Sulake and we receive some credit for solving problems which can be used quite seriously.

What is needed?
Firefox, Tamper data (addon) and Firebug (addon), which is the tools we use.

-----------------

# BUG ONE. Add user to your group #

Now, you might wonder what we mean by adding a user to your group.
Well, the Habbo groups uses a kind of input-field when you accept a members-application for your group.

This input-data is possible for us to edit, with the help of Firebug, and then post the data to their servers.
And, easy as that, you may have a staff member or two in your group.

So, this is how you do it: (Requires: Firefox and Firebug)

* Go to your group, click to the list with waiting members.
* When you are here, activate Firebug by clicking the little bug in the statusbar of Firefox.
* Now, a field will pop-up at the lower part of your browser. Press Inspect.
* Hold the mouse over one of the names. Click when a blue window pops-up around the name.
* Now, a piece of the code will be marked in the field below the Inspect-button. Search until you find a piece of code that looks similar to this:
"<input id="group-memberlist-m-0123456" type="checkbox" style="margin: 0pt; padding: 0pt; vertical-align: middle;"/>"

* Edit 0123456 to another ID. The first Habbo at your hotel will most probably have ID 1, but you can choose any Habbo you want.

-----------------

Hopefully we will be ready to release the next bug by tomorrow!

Very detailed, i'm sure they appreciate people like you putting this forward..

We should arrange something like this on UK, rather then a bunch of new users asking for furni in our "bugs/pilot" forums. :/

+rep for the effort :)

Boxiel: Thank you for your input, we will do our best to update this thread as often as we can.
I dont know what Sulake think, but with a waitingtime that is around 6 months, its fair (to me..) publishing this list.

/H

Lmao thats pretty awsome, so you can actually put different people in your group without them even joining?!

Lmao thats pretty awsome, so you can actually put different people in your group without them even joining?!

Exactly ;)

Exactly ;)
Lmao, thats pretty awsome glitch/bug! +rep

# BUG TWO. Make a user send you a friends request without this person even knowing about it #

This isn't really a bug, more like a smaller hole that is possible to use in unintended ways.

So, how do you do it? Well, when you visit a habbo's home there will be a button, "Ask to become friend" (if the user accepts friendrequests!). The link used by this button is possible to manipulate and you can, because of that, for example with a 1x1 pixels large iframe, make sure that everyone who visits your link sends a friends request to you (or the habbo you chose...).

* You create a homepage in a language you choose, for example HTML and using Javascript, but it works with all languages.
* When you've done this, add a redirect to the following adress:
"http://www.habbo.se/myhabbo/friends/addAfterLogin?accountId=12345678"
* Replace 12345678 with yours or someone elses Habbo ID.
* When a user visits the page you created he will now be sent to the hotel homepage and send a friends request to the habbo you've chosen.

(Tip: Add it in a 1x1 pixels iframe and try to make a habbo-staff visit it, and you might find yourself have a friends request from a staff ;)

EDIT: Delete this post, I was sure I clicked "Edit"...

# BUG TWO. Make a user send you a friends request without this person even knowing about it #

This isn't really a bug, more like a smaller hole that is possible to use in unintended ways.

So, how do you do it? Well, when you visit a habbo's home there will be a button, "Ask to become friend" (if the user accepts friendrequests!). The link used by this button is possible to manipulate and you can, because of that, for example with a 1x1 pixels large iframe, make sure that everyone who visits your link sends a friends request to you (or the habbo you chose...).

* You create a homepage in a language you choose, for example HTML and using Javascript, but it works with all languages.
* When you've done this, add a redirect to the following adress:
"http://www.habbo.se/myhabbo/friends/addAfterLogin?accountId=12345678"
* Replace 12345678 with yours or someone elses Habbo ID.
* When a user visits the page you created he will now be sent to the hotel homepage and send a friends request to the habbo you've chosen.

Tip: Add it in a 1x1 pixels iframe and try to make a habbo-staff visit it, and you might find yourself have a friends request from a staff ;)

What if you don't have or use firefox? Your pretty stuffed

How do you find out their id?

What if you don't have or use firefox? Your pretty stuffed

It's free, just download it at http://www.getfirefox.com ;)

How do you find out their id?
Habbo.xx/credits
Choose from telephone (red one).
You see the code, press: Choose another Habbo.
Fill in Habboname, you get the ID.

can u get permed fru doing this?

I'm not sure, as I warned them about it six months ago and now I want some response :P

But can this be counted as scripting?

Nah, more like hacking ;)

has any1 been banned through doing this?

I think I know a guy who got banned by doing something else, "Hacking is not allowed", kind of. I don't know what will happen when this many habbos start doing it though.

I thought this was counted as a bug tho

Yes, but you never know with Sulake ;)

hmm.. I wouldn't risk it tbh.

Hmm.. see i want to but i dont want a ban.

Hm.. surely its a bug?

Oh well, I'm not sure. What I do know is that you use something in a way Sulake didn't intend it.

LOL this kid called Lynx on my list, what a noob. He's like :
"OMG YOU ADDED JIBBI AND GROUPOS WERNT AROUND THEN IM REPORTING YOU TO THE MODERATORS"

oh dear.. LOL?

yeah well i think its the same for adding people to your lists, you used to be able to do it and get away with it

This is getting clamped down on though, (Newsround was the best link i could find) http://news.bbc.co.uk/cbbcnews/hi/newsid_7700000/newsid_7703200/7703238.stm

Edit: The child hackers, Not the habbo hackers.

Oh well, I'm not sure. What I do know is that you use something in a way Sulake didn't intend it.
I've known about the 2nd bug for ages :P You can also embed it into images.

[img ]http://www.habbo.se/myhabbo/friends/addAfterLogin?accountId=12345678[ /img]

or

<img src="http://www.habbo.se/myhabbo/friends/addAfterLogin?accountId=12345678" />


This is getting clamped down on though, (Newsround was the best link i could find) http://news.bbc.co.uk/cbbcnews/hi/newsid_7700000/newsid_7703200/7703238.stm

Edit: The child hackers, Not the habbo hackers.
Since no one is breaking into computers its not hacking.

I asked if it was a bannable offence to add people to your groups using firebug (including staff members)

heres the reply:
http://i38.tinypic.com/5mbj92.png

Since anyone can do it with admin rights, you cannot be 'treated' for it in anyway...

# BUG THREE. MAKE YOUR GROUP BADGE INVISIBLE #

Note that this is a bit more advanced than my previous bugs, and that you might run in to problems several times, which means you must have patience.

What you do while you do this is "simply" manipulating the data for the group-badge while it is getting saved.

So, this is how you do it: (Requires: Firefox and Tamper data)

* First, open the editor for group-badges from the group menu. http://www.zirro.se/o/bugs/bug1.png
* That ends the easy part. Now, open up Tamper data.
* Press the "Start Tamper" button in Tamper data.
* Now, save the badge and you will have a message appearing from Tamper data.
* It will give you three options, Tamper, Submit or Abort Request. Choose "Tamper". http://www.zirro.se/o/bugs/bug3.png
* A new window will pop-up. You will see a box to the right, containing a lot of different values.
* Locate the part which says "code=" and just change it to "code=lol" (and let the values which was there before remain after "lol"). http://www.zirro.se/o/bugs/bug4.png
* After that, just press the "OK" button and you should have an invisible group badge.

* It doesn't have to be "lol", you might choose something else.

Tip: Uncheck the checkbox which says "Continue Tampering?" when you got to the badge-related pop-up, since that won't have other pop-ups disturb you.

EDIT: Also noticed that when you use "Haxxortester" instead of "lol" for example, the badge will disappear as an image even, which makes it load with text to the left :P

Mate, I hate to break it to you but these "bugs" have been known for ageeees :P

How come they haven't got patched then? :P

As Habbo are verrryy slow with fixing bugs :P

Good that they get a bit known then, making Sulake aware of them.

Also, noticed that when you use "Haxxortester" instead of "lol" for example, the badge will disappear as an image even, which makes it load with text to the left :)

You may still be able to give groups no name/desc either like I did on this group last year: http://www.habbo.co.uk/groups/omgwutrudoing

You may still be able to give groups no name/desc either like I did on this group last year: http://www.habbo.co.uk/groups/omgwutrudoing

Nice one ;)

Mate, I hate to break it to you but these "bugs" have been known for ageeees :P
Please read first post :)
They knew them for ages too ;)

How long is ages?

This has only come around today and been patched already as staff read these forums

This has only come around today and been patched already as staff read these forums

It's not patched. I just added hobbacontact to my group.

This has only come around today and been patched already as staff read these forums
Nothing of your post is true.

YOU only noticed today ;)

How do we find what a Habbo's ID is so I can get particular habbo's?

You will fine google chromes Inspect Element works as good too. Right click on the item u are wanting to edit and Inspect Element and it takes u straight to the code.

How to find the other users ID:

To to the users home.
View Source
In the header look for
<scirpt type "text/javascript"> document.observe("dom:loaded", function() { initView(24568594, 12545968); }); </script>

First number is the other user
2nd is yours (if logged in)

Sulake can't patch this only Mozilla can. Its going to create absolute havoc really. Its not started on Habbo USA, SG, AU others yet -COFFFFFF. also how u do it for hotels that u cnt look up ID for or that are banned i cba to view source ;l

Sulake can't patch this only Mozilla can. Its going to create absolute havoc really. Its not started on Habbo USA, SG, AU others yet -COFFFFFF. also how u do it for hotels that u cnt look up ID for or that are banned i cba to view source ;l

It happened on finaland already, habborator was saying :o

Sulake can't patch this only Mozilla can. Its going to create absolute havoc really. Its not started on Habbo USA, SG, AU others yet -COFFFFFF. also how u do it for hotels that u cnt look up ID for or that are banned i cba to view source ;l
Sulake can patch this. all they need to do is check the id with the database to make sure they have actually applied to join the group. Mozilla have nothing to do with it.

Sulake can patch this. all they need to do is check the id with the database to make sure they have actually applied to join the group. Mozilla have nothing to do with it.

well if the tool was created by MOZILLA firebug.

So what? The tool is not created to exploit Habbo, it's created to do this stuff to websites SINCE it has actual pro's too.
Sulake just acted very dumb by not doing anything against these bugs.

So what? The tool is not created to exploit Habbo, it's created to do this stuff to websites SINCE it has actual pro's too.
Sulake just acted very dumb by not doing anything against these bugs.

Has anyone been banned through using this tool?

I doubt anyone has as using it IS NOT against the habbo way.

Has anyone been banned through using this tool?

I doubt anyone has as using it IS NOT against the habbo way.

Yes, a number of people have been banned including marvo,e5 and many others

Heres an important tip


If you script members into your group eg staff members and other well known names MAKE SURE there is some admins in the group aswell

Reason: They cannot trace who scripted the group, therefore cannot ban any of the admins.

If you do not follow this, you will most likely get banned.

i got permed btw m8 sooooooooooooooooooooooooooooooooooooooooooooo if u made 1 of them groups, hide it nw