Warning about API and web form exploits

For discussion of the Poker Mavens server module and other administration topics


Post by Kent Briggs » Sun Aug 23, 2015 1:58 pm

A situation came up recently from a customer who was seeing unauthorized "set balance" records in his event log. Without publicly giving up too much detail, the source of the exploit came from their own web site that accepted user input, which was used to pass parameters to an API call. If you have similar code on your own site, make sure you are scrubbing those user inputs for parameter injection.
Kent Briggs - [email protected]
Briggs Softworks - http://www.briggsoft.com
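
The failure mode described in the post, shown as an added example that is not part of the original post or of Poker Mavens: form input concatenated into a form-encoded API request body, next to a version that allowlists the command, validates the value and percent-encodes it. The command name `GetBalance`, the parameters `Command` and `Player`, and the name pattern are hypothetical stand-ins, since the post does not list the real ones.

```python
import re
from urllib.parse import urlencode, parse_qs

# Hypothetical names: the post does not list the API's commands or parameters.
ALLOWED_COMMANDS = {"GetBalance"}               # commands this web form may issue
PLAYER_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")  # assumed allowlist for player names

# Constructed form input that carries a parameter separator.
SAMPLE_INPUT = "alice&Extra=1"


def build_body_unsafe(player: str) -> str:
    """The 'before' pattern: raw form input concatenated into the body."""
    return "Command=GetBalance&Player=" + player


def build_body_encoded(player: str) -> str:
    """Percent-encoding keeps '&' and '=' inside the value they came from."""
    return urlencode({"Command": "GetBalance", "Player": player})


def build_body_safe(command: str, player: str) -> str:
    """Allowlist the command, validate the value, then percent-encode."""
    if command not in ALLOWED_COMMANDS:
        raise ValueError("command not permitted from this form")
    if not PLAYER_RE.fullmatch(player):
        raise ValueError("player name outside the allowlist")
    return urlencode({"Command": command, "Player": player})


def param_names(body: str) -> list:
    """Parameter names a server would parse out of a form-encoded body."""
    return sorted(parse_qs(body, keep_blank_values=True))


if __name__ == "__main__":
    # Concatenation lets one form field turn into an extra API parameter.
    print(param_names(build_body_unsafe(SAMPLE_INPUT)))
    # Encoding alone keeps the whole input inside the Player value.
    print(build_body_encoded(SAMPLE_INPUT))
    # Validation rejects the input before any request is built.
    try:
        build_body_safe("GetBalance", SAMPLE_INPUT)
    except ValueError as exc:
        print("rejected:", exc)
```

Keeping the command fixed on the server side, rather than taking it from the form, means a form meant for read-only lookups cannot be steered into issuing a different command.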
