{"id":5889,"date":"2018-11-11T14:10:33","date_gmt":"2018-11-11T19:10:33","guid":{"rendered":"http:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/?p=5889"},"modified":"2018-11-11T14:10:50","modified_gmt":"2018-11-11T19:10:50","slug":"steam-video-game-curation-api","status":"publish","type":"post","link":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/2018\/11\/11\/steam-video-game-curation-api\/","title":{"rendered":"Steam Video Game curation API"},"content":{"rendered":"<p>Hacking an API endpoint is the web-request sibling of SQL injection. It is a place where the SQL injection best practices (parameterization and sanitization of input) can be bypassed by interacting directly with the server in JSON or XML (or whatever vernacular your endpoint may spit out).<\/p>\n<p>This would have interested me also: <em>&#8230;partner.steamgames.com\/partnercdkeys\/assignkeys\/<\/em><\/p>\n<p>This (and another, more ~classic~ SQL injection attack) was discovered by a HackerOne researcher who received bounties for his efforts and for his full disclosure to Steam.<\/p>\n<p>https:\/\/www.zdnet.com\/article\/steam-bug-could-have-given-you-access-to-all-the-cd-keys-of-any-game\/<\/p>\n<p>https:\/\/hackerone.com\/reports\/383127<\/p>\n<p>https:\/\/partner.steamgames.com\/<\/p>\n<p>https:\/\/partner.steampowered.com\/login\/?goto=%2F<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hacking an API endpoint is the web request sibling of SQL injection. 
It is a place where SQL Injection best practices\u00a0 &#8211; parameterization and sanitization of input can be bypassed by directly interacting with a server in JSON or XML (or whatever vernacular your endpoint may spit out) This would have interested me also&#8230;partner.steamgames.com\/partnercdkeys\/assignkeys\/ This [&hellip;]<\/p>\n","protected":false},"author":20410,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[716936],"tags":[],"class_list":{"0":"post-5889","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-week-11-it-risk","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/posts\/5889","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/users\/20410"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/comments?post=5889"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/posts\/5889\/revisions"}],"predecessor-version":[{"id":5890,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/posts\/5889\/revisions\/5890"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/media?parent=5889"}],"wp:term"
:[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/categories?post=5889"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2018\/wp-json\/wp\/v2\/tags?post=5889"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}