XSS, SQL Injection and logic problem in banksend.htm

[Ali-Albakara]

$RecUser=$_POST['recvusername']; -- Not sanitized, used in a query later, used in a message later. SQL Injection & XSS.
$details .= $_POST['details']; -- XSS, used in the message later.

Logic problem:
To deduce the amount the hacker is sending to another hacker, the amount is being multiplied by -1, so if he's sending 5000, the game treats it as if its -5000. What happens if the original amount I sent is -5000 and it gets multiplied by -1? It turns into a positive integer (5000) and I gain free cash.

[Ali-Albakara]

Applied to clanbanksend.htm as well.

[booth-f]

Just tested this out myself and wow, That is a huge logic error. Thanks for the find. I'll push a fix in the next few hours once I get back.

Also thanks for finding issues #4 and #6. I felt that the code to them seemed a bit off but not as bad as a SQL injection. Grateful for the find. 👍

[booth-f]

Status Update: Fixed in dev code (Pending Push)