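Bug description:
Because MySQL overflows when automatically converting integer values, members can use the bank plugin to submit malicious data and farm points.
Does anyone know how to exploit this?
I thought it was an ATM vulnerability --- On Saturday, August 1, 2009, ring04h <rin...@gmail.com> wrote: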
On August 3, 9:56 AM, Evlos <4ty...@gmail.com> wrote:
> Powered by *PHPWind* <http://www.phpwind.net/> *v7.0*<http://www.phpwind.net/>
>
> Tried one, it doesn't seem to work...
>
> 2009/8/3 h g <infos...@gmail.com>
>
>
>
> > Just tried it, it doesn't work
>
> > 2009/8/1 ring04h <ring...@gmail.com>
>
> > Deposit one yuan into the bank, then withdraw money
> >> Set the withdrawal amount to:
> >> 0.99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
> >> Countless 9s, and then it can be exploited.
>
> >> 2009/8/1 Rinima! <x...@rinima.com>
>
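> >> DZ plugins have quite a few vulnerabilities too.
> >>> What can you even do after farming this bank... it can't be exchanged for RMB anyway...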
>
> >>> 2009/7/28 LIN <jianl...@gmail.com>
Sigh! What a bunch of bored people! I thought you could farm RMB with it