Bravo List
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

Bravo List (http://www.bvlist.com/index.php)
-   Mods & Themes (http://www.bvlist.com/forumdisplay.php?f=109)
-   -   Transfer bonus points [jQuery] (http://www.bvlist.com/showthread.php?t=10706)

needforszpit 29th March 2016 02:21
security bug:" $from = (int) $_POST["from"];
sql_query("UPDATE users SET seedbonus = seedbonus - '$amount' WHERE id = '$from' LIMIT 1");"
lack of controll: if($from!=$CURUSER["id"]) die("Bla bla bla...Transfer from another user like You, is denied!");

Another bug was: $ammount....
$ammountarray=array("10","25","50","100");
if(!in_array($ammount,$ammountaray))die("Bla bla bla...This ammount is not allowed");


All times are GMT +2. The time now is 13:40.
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.