#11  29-03-16, 02:21
needforszpit (Member, Hungary; Join Date: Nov 2009; Posts: 1)
Security bug:
$from = (int) $_POST["from"]; // sender id is taken from the request
sql_query("UPDATE users SET seedbonus = seedbonus - '$amount' WHERE id = '$from' LIMIT 1");

Lack of control:
if ($from != $CURUSER["id"]) die("Bla bla bla...Transfer from another user like You, is denied!");

Another bug was: $amount....
$amountarray = array("10", "25", "50", "100"); // the only amounts accepted
if (!in_array($amount, $amountarray)) die("Bla bla bla...This ammount is not allowed");
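The two checks from the post above, combined into one handler, as an added example that is not part of the original post or of the mod. The function name transfer_bonus(), the POST field "to", the two-column users table and the SQLite test database are assumptions; the bound parameters and the balance guard on the debit go beyond what the post lists.

```php
<?php
// Added example, not the mod's code: transfer_bonus(), field "to" and the table layout are assumptions.
const ALLOWED_AMOUNTS = [10, 25, 50, 100];

function transfer_bonus(PDO $db, array $curuser, array $post): string
{
    // The sender is always the logged-in user; a posted "from" is compared, never trusted.
    $from = (int) $curuser['id'];
    if (isset($post['from']) && (int) $post['from'] !== $from) {
        return 'denied: transfer from another user';
    }
    // The amount must be a plain digit string and one of the fixed steps.
    $raw = (string) ($post['amount'] ?? '');
    if (!ctype_digit($raw) || !in_array((int) $raw, ALLOWED_AMOUNTS, true)) {
        return 'denied: amount not allowed';
    }
    $amount = (int) $raw;
    $to = (int) ($post['to'] ?? 0);
    if ($to <= 0 || $to === $from) {
        return 'denied: bad receiver';
    }
    $db->beginTransaction();
    // Bound parameters instead of string interpolation; debit only if the balance covers it.
    $debit = $db->prepare('UPDATE users SET seedbonus = seedbonus - :a WHERE id = :id AND seedbonus >= :a2');
    $debit->execute([':a' => $amount, ':id' => $from, ':a2' => $amount]);
    $credit = $db->prepare('UPDATE users SET seedbonus = seedbonus + :a WHERE id = :id');
    $credit->execute([':a' => $amount, ':id' => $to]);
    if ($debit->rowCount() !== 1 || $credit->rowCount() !== 1) {
        $db->rollBack();
        return 'denied: insufficient bonus or unknown receiver';
    }
    $db->commit();
    return 'ok';
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, seedbonus INTEGER NOT NULL)');
$db->exec('INSERT INTO users VALUES (1, 120), (2, 500), (3, 0)');
$me = ['id' => 1]; // stands in for $CURUSER
echo transfer_bonus($db, $me, ['from' => '2', 'to' => '1', 'amount' => '100']), "\n"; // posted sender differs from session
echo transfer_bonus($db, $me, ['from' => '1', 'to' => '3', 'amount' => '15']), "\n";  // amount outside the allowed list
echo transfer_bonus($db, $me, ['from' => '1', 'to' => '3', 'amount' => '100']), "\n"; // valid request
echo transfer_bonus($db, $me, ['from' => '1', 'to' => '3', 'amount' => '100']), "\n"; // balance no longer covers it
```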