Security bug:
$from = (int) $_POST["from"];
sql_query("UPDATE users SET seedbonus = seedbonus - '$amount' WHERE id = '$from' LIMIT 1");

Lack of control:
if ($from != $CURUSER["id"]) die("Bla bla bla...Transfer from another user like You, is denied!");

Another bug was: $amount....
$ammountarray = array("10", "25", "50", "100");
if (!in_array($amount, $ammountarray)) die("Bla bla bla...This ammount is not allowed");
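The two checks from the post combined into one hardened handler, as an added example that is not part of the original post or the tracker's code. It goes one step further than the post by taking the sender from the session instead of comparing a posted value; `transfer_bonus()`, the `to` field, the PDO/SQLite setup and the sample rows are assumptions made for the demo.

```php
<?php
// Added example, not the tracker's code. Table and column names follow the
// post; transfer_bonus(), the "to" field and the sample rows are hypothetical.
const ALLOWED_AMOUNTS = [10, 25, 50, 100];

function transfer_bonus(PDO $db, int $sessionUserId, array $post): string
{
    // The sender is always the logged-in user; a posted "from" is never read.
    $from = $sessionUserId;
    $to = filter_var($post['to'] ?? null, FILTER_VALIDATE_INT);
    $amount = filter_var($post['amount'] ?? null, FILTER_VALIDATE_INT);

    if ($to === false || $to === $from) return 'bad recipient';
    // Whitelist of amounts, compared with strict typing after integer validation.
    if (!in_array($amount, ALLOWED_AMOUNTS, true)) return 'amount not allowed';

    $db->beginTransaction();
    // Debit only when the balance covers the amount, so it cannot go negative.
    $debit = $db->prepare(
        'UPDATE users SET seedbonus = seedbonus - :a WHERE id = :id AND seedbonus >= :a2'
    );
    $debit->execute([':a' => $amount, ':id' => $from, ':a2' => $amount]);
    if ($debit->rowCount() !== 1) { $db->rollBack(); return 'insufficient bonus'; }

    $credit = $db->prepare('UPDATE users SET seedbonus = seedbonus + :a WHERE id = :id');
    $credit->execute([':a' => $amount, ':id' => $to]);
    if ($credit->rowCount() !== 1) { $db->rollBack(); return 'unknown recipient'; }

    $db->commit();
    return 'ok';
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, seedbonus INTEGER)');
$db->exec('INSERT INTO users VALUES (1, 100), (2, 500)');

// User 1 is logged in; the posted "from" value has no effect on who is debited.
echo transfer_bonus($db, 1, ['from' => '2', 'to' => '2', 'amount' => '50']), "\n";
// An amount outside the whitelist is refused before any query runs.
echo transfer_bonus($db, 1, ['from' => '2', 'to' => '2', 'amount' => '75']), "\n";
```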