SQL Injection 03/31/2021 08:17 AM
Posted by:panschk[FP]

Hey everyone :-)

Thanks a lot to Crackling who pointed out to me that BWMN has been vulnerable to SQL injection because the inputs were not sanitized. I did not know better when I implemented it back in the day, but at least I tried to fix it now, using a regex search/replace. With this I replaced over 300 places in the code base in one go. This is not perfect and a really serious hacker might still be able to get through, but certainly an improvement. It could also potentially break something, although my tests looked good. If I broke something that previously worked, let me know in the comments.

When doing this on Tuesday, I accidentally applied the connection settings to an older backup of the database, which is used for the 'update project' started but abandoned by mmmk:

Update 2021-04-01: I added another fix that should hopefully fix SQL injection in all cases.
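
As an added illustration (not code from the post or from BWMN itself), the pattern the post calls unsanitized input, a quote-doubling search/replace fix of the kind it mentions, and a parameterized query for comparison, all run against a constructed in-memory SQLite table. The table, its rows and the function names are assumptions.

```python
import re
import sqlite3

# Constructed sample rows standing in for the site's map table; the schema,
# table and function names are assumptions, not BWMN's real code.
SAMPLE_MAPS = [("(4)Nightshade 1.1b", "alice"), ("(3)Downtown 0.70", "bob"),
               ("(2)Butter 2.0b", "O'Brien")]


def build_db():
    """In-memory SQLite database loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE maps (id INTEGER PRIMARY KEY, name TEXT, author TEXT)")
    conn.executemany("INSERT INTO maps (name, author) VALUES (?, ?)", SAMPLE_MAPS)
    return conn


def maps_by_author_concat(conn, author):
    """'Before' pattern: input is pasted into the SQL text and parsed as SQL,
    so a single apostrophe already alters (here: breaks) the statement."""
    sql = "SELECT name FROM maps WHERE author = '" + author + "'"
    return [row[0] for row in conn.execute(sql)]


def escape_sql_string(value):
    """Search/replace style fix: double each single quote. Adequate only for a
    value inside a quoted '...' literal, not in numeric/identifier positions."""
    return re.sub(r"'", "''", value)


def maps_by_author_escaped(conn, author):
    sql = "SELECT name FROM maps WHERE author = '" + escape_sql_string(author) + "'"
    return [row[0] for row in conn.execute(sql)]


def maps_by_author_param(conn, author):
    """Preferred fix: bind the value as a parameter. The driver keeps it apart
    from the SQL text, so no context-dependent escaping is needed."""
    rows = conn.execute("SELECT name FROM maps WHERE author = ?", (author,))
    return [row[0] for row in rows]


def handles_author(fn, conn, author):
    """True if `fn` runs without error and returns exactly that author's maps."""
    expected = [name for name, who in SAMPLE_MAPS if who == author]
    try:
        return fn(conn, author) == expected
    except sqlite3.Error:
        return False
```

Running `handles_author` with the author `O'Brien` shows the concatenated query failing on a legitimate apostrophe while both the escaped and the parameterized versions return the right row; only the parameterized form stays correct when the value is not inside a quoted literal.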
