booth-f/openhacker

XSS, SQL Injection and logic problem in banksend.htm

Closed this issue · 3 comments

$RecUser=$_POST['recvusername']; -- Not sanitized, used in a query later, used in a message later. SQL Injection & XSS.
$details .= $_POST['details']; -- XSS, used in the message later.

Logic problem:
To deduct the amount the hacker is sending to another hacker, the amount is being multiplied by -1, so if he's sending 5000, the game treats it as if it's -5000. What happens if the original amount I sent is -5000 and it gets multiplied by -1? It turns into a positive integer (5000) and I gain free cash.

Applied to clanbanksend.htm as well.
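A hardened version of the transfer step, added here as an example and not code from the openhacker project; the function, table and column names (handleBankSend, hackers, cash, username, id) are assumptions:

```php
<?php
// Added example (not the project's own code): hardened transfer handling for the
// three issues above. Names such as handleBankSend and the hackers table are assumed.

function parseTransferAmount($raw): ?int {
    // Accept only a plain positive integer, so a value like "-5000" never reaches
    // the arithmetic step and cannot be turned into a credit for the sender.
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,9}$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

function handleBankSend(PDO $db, int $senderId, array $post): string {
    $amount = parseTransferAmount($post['amount'] ?? '');
    if ($amount === null) {
        return 'Invalid amount.';
    }
    $recUser = $post['recvusername'] ?? '';
    $details = $post['details'] ?? '';

    $db->beginTransaction();
    // Debit the sender only when the balance covers the amount; because the amount
    // is validated as positive, the subtraction can only lower the balance.
    $debit = $db->prepare(
        'UPDATE hackers SET cash = cash - :amt WHERE id = :id AND cash >= :amt2'
    );
    $debit->execute([':amt' => $amount, ':id' => $senderId, ':amt2' => $amount]);
    if ($debit->rowCount() !== 1) {
        $db->rollBack();
        return 'Insufficient funds.';
    }
    // The recipient name is bound as a parameter, never concatenated into SQL.
    $credit = $db->prepare('UPDATE hackers SET cash = cash + :amt WHERE username = :user');
    $credit->execute([':amt' => $amount, ':user' => $recUser]);
    if ($credit->rowCount() !== 1) {
        $db->rollBack();
        return 'Unknown recipient.';
    }
    $db->commit();

    // User-controlled strings are escaped before they are placed in HTML output.
    return 'Sent ' . $amount . ' to ' . htmlspecialchars($recUser, ENT_QUOTES, 'UTF-8')
        . ': ' . htmlspecialchars($details, ENT_QUOTES, 'UTF-8');
}
```

The same validation and binding apply to clanbanksend.htm, which the report says shares the defect.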

Just tested this out myself and wow, that is a huge logic error. Thanks for the find. I'll push a fix in the next few hours once I get back.

Also thanks for finding issues #4 and #6. I felt that the code to them seemed a bit off but not as bad as a SQL injection. Grateful for the find. 👍

Status Update: Fixed in dev code (Pending Push)