#11
security bug:
$from = (int) $_POST["from"];
sql_query("UPDATE users SET seedbonus = seedbonus - '$amount' WHERE id = '$from' LIMIT 1");
lack of control:
if($from!=$CURUSER["id"]) die("Bla bla bla...Transfer from another user like You, is denied!");
Another bug was: $ammount....
$ammountarray=array("10","25","50","100");
if(!in_array($ammount,$ammountarray))die("Bla bla bla...This ammount is not allowed");
Tags: bonus, jquery, points, transfer
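The two checks from post #11 (sender must be the logged-in user, amount must be on the allowlist), shown as an added example that is not part of the original post or the tracker's own code. It assumes PDO with prepared statements in place of `sql_query`, a hypothetical `to` field for the recipient, and constructed SQLite demo data; the `users` table and `seedbonus` column are taken from the post.

```php
<?php
// Added example, not the tracker's code. The "to" field, the PDO usage and
// the SQLite demo rows are assumptions made for illustration.
const ALLOWED_AMOUNTS = [10, 25, 50, 100];

function transfer_bonus(PDO $db, int $sessionUserId, array $post): string
{
    // The sender is always the session user; a posted "from" is only
    // compared against it, so a forged id is refused.
    if (isset($post['from']) && (int) $post['from'] !== $sessionUserId) {
        return 'denied: sender does not match session user';
    }
    // Strict allowlist on an integer: "10abc", "-100" and "1e2" all fail.
    $amount = filter_var($post['amount'] ?? null, FILTER_VALIDATE_INT);
    if ($amount === false || !in_array($amount, ALLOWED_AMOUNTS, true)) {
        return 'denied: amount not allowed';
    }
    $to = filter_var($post['to'] ?? null, FILTER_VALIDATE_INT);
    if ($to === false || $to === $sessionUserId) {
        return 'denied: bad recipient';
    }
    $db->beginTransaction();
    // Debit only when the balance covers it, so seedbonus cannot go negative.
    $debit = $db->prepare(
        'UPDATE users SET seedbonus = seedbonus - ? WHERE id = ? AND seedbonus >= ?');
    $debit->execute([$amount, $sessionUserId, $amount]);
    $credit = $db->prepare('UPDATE users SET seedbonus = seedbonus + ? WHERE id = ?');
    $credit->execute([$amount, $to]);
    if ($debit->rowCount() !== 1 || $credit->rowCount() !== 1) {
        $db->rollBack();
        return 'denied: insufficient bonus or unknown recipient';
    }
    $db->commit();
    return 'ok';
}

// Constructed demo data: user 1 is logged in, user 2 is another account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, seedbonus INTEGER)');
$db->exec('INSERT INTO users VALUES (1, 60), (2, 500)');

echo transfer_bonus($db, 1, ['from' => 2, 'to' => 1, 'amount' => 100]), "\n"; // forged sender
echo transfer_bonus($db, 1, ['to' => 2, 'amount' => 7]), "\n";  // amount off the allowlist
echo transfer_bonus($db, 1, ['to' => 2, 'amount' => 50]), "\n"; // own account, allowed amount
echo transfer_bonus($db, 1, ['to' => 2, 'amount' => 50]), "\n"; // balance now below 50
```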