Warning about API and web form exploits

For discussion of the Poker Mavens server module and other administration topics
Kent Briggs
Site Admin

Post by Kent Briggs »

A situation came up recently from a customer who was seeing unauthorized "set balance" records in his event log. Without publicly giving up too much detail, the source of the exploit came from their own web site that accepted user input, which was used to pass parameters to an API call. If you have similar code on your own site, make sure you are scrubbing those user inputs for parameter injection.
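An added example, not part of the original post and not Poker Mavens code: one way a site can scrub web-form input before it becomes parameters of an API call. The parameter names (`Command`, `Player`, `Note`), the command allow-list and the player-name pattern are assumptions for illustration; the post does not give the real ones.

```python
import re
from urllib.parse import urlencode, parse_qsl

# Hypothetical names: the post does not list the real API parameters.
ALLOWED_COMMANDS = {"GetBalance"}                # commands this form may issue
PLAYER_RE = re.compile(r"[A-Za-z0-9_-]{3,12}")   # assumed player-name rule


class RejectedInput(ValueError):
    """Raised when a submitted field fails validation."""


def build_api_body(command, form):
    """Return the urlencoded body for one fixed API command.

    `command` is chosen by server code, never taken from the request.
    `form` is the untrusted dict of submitted fields; only the fields
    named here are copied, so extra keys in the form are ignored.
    """
    if command not in ALLOWED_COMMANDS:
        raise RejectedInput("command not permitted for this form")
    player = form.get("player", "")
    if not PLAYER_RE.fullmatch(player):
        raise RejectedInput("player name has unexpected characters")
    params = [("Command", command), ("Player", player)]
    body = urlencode(params)
    # Defence in depth: re-parse and confirm no extra parameter appeared.
    if parse_qsl(body, keep_blank_values=True, strict_parsing=True) != params:
        raise RejectedInput("encoded body does not round-trip")
    return body


def encode_free_text(note):
    """Free text that cannot be allow-listed is still percent-encoded,
    so '&' and '=' stay inside the value instead of starting a new one."""
    return urlencode([("Note", note)])


# Constructed sample inputs
GOOD = {"player": "alice_01"}
EXTRA_FIELD = {"player": "bob_22", "Amount": "999"}
HOSTILE = {"player": "alice&Command=Other"}

if __name__ == "__main__":
    print(build_api_body("GetBalance", GOOD))
    print(encode_free_text("a&b=c"))
```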