Potential SQL Injection on EvE Community Website

BigSako
Aliastra
Gallente Federation
#1 - 2013-09-06 14:08:20 UTC  |  Edited by: BigSako
This might sound harsh, but there seems to be an SQL injection going on on the EvE Community website for the API section.

Already submitted a bug report, but this needs to be handled quickly, so I'm trying to get attention here too.
CCP look at my support ticket under website or contact me ingame if you need more information.

I did not cause the SQL injection nor did I use it, I just saw that something is going wrong.


edit: this has already been reported a MONTH ago
https://forums.eveonline.com/default.aspx?g=posts&m=3405925#post3405925
BigSako
Aliastra
Gallente Federation
#2 - 2013-09-08 10:54:44 UTC
this still hasn't been fixed for the API link, which still shows as


a href="/-1'%20or%2042-40%20=%20'2/api-key/"
API Key Management
Rutger Janssen
Chanuur
The Initiative.
#3 - 2013-09-08 11:37:49 UTC  |  Edited by: Rutger Janssen
I have no idea how much damage it can do, but if it can do any damage I would suggest removing the info. Instead mail security@ccpgames.com as told by http://community.eveonline.com/news/dev-blogs/2384

If it can't do damage, well, just file a bug report and have it wait its turn.