PW Bank money-farming vulnerability disclosed


LIN

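Jul 28, 2009, 2:51:57 AM
to Ph4nt0m
Urgent: PW Bank money-farming vulnerability, patch attached (6.3.2/7.x) -- July 26
http://www.phpwind.net/read-htm-tid-830532-page-1.html

Bug description:
An overflow in MySQL's automatic conversion of integer values lets members submit malicious data through the bank plugin to farm points.

Does anyone know how to exploit it?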

Rinima!

Aug 1, 2009, 2:44:42 AM
to ph4...@googlegroups.com
DZ plugins have quite a few vulnerabilities too.
What can you even do after farming this bank... it can't be exchanged for RMB anyway...

2009/7/28 LIN <jian...@gmail.com>
--
Welcome: http://www.rinima.com

ring04h

unread,
Aug 1, 2009, 11:07:00 AM8/1/09
to ph4...@googlegroups.com
存入银行一块钱,然后取钱
取钱的数值设置为: 0.99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
无数个9, 这样就可以利用了。

2009/8/1 Rinima! <x...@rinima.com>
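
Added example, not part of the thread and not PHPWind's patch: a defensive sketch of the server-side handling that the bug description and the withdrawal value above call for, where the amount is accepted only as a canonical integer string within the column range and the balance check is made inside the UPDATE itself. Python with SQLite stands in for PHP/MySQL here; the `bank` table, its columns, the signed 32-bit limit and all function names are assumptions made for illustration.

```python
import re
import sqlite3

INT_MAX = 2_147_483_647  # assumption: balance stored in a signed 32-bit INT column
# Digits only: no sign, decimal point, exponent, whitespace or leading zero.
CANONICAL_INT = re.compile(r"[1-9][0-9]{0,9}")


def parse_amount(raw):
    """Return raw as an int, or raise ValueError if it is not a plain integer."""
    # float(raw) would round a string like "0.999...9" to exactly 1.0, so the
    # amount is matched as text and never passes through a float.
    if not isinstance(raw, str) or not CANONICAL_INT.fullmatch(raw):
        raise ValueError("amount must be a plain positive integer")
    value = int(raw)
    if value > INT_MAX:
        raise ValueError("amount exceeds the column range")
    return value


def withdraw(db, uid, raw_amount):
    """Move points from deposit to cash; True only if the balance covered it."""
    amount = parse_amount(raw_amount)
    with db:  # one transaction; the WHERE clause is the authoritative check
        cur = db.execute(
            "UPDATE bank SET deposit = deposit - ?, cash = cash + ? "
            "WHERE uid = ? AND deposit >= ?",
            (amount, amount, uid, amount),
        )
    return cur.rowcount == 1


def demo():
    """Run constructed inputs against a one-point deposit; return the outcomes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bank (uid INTEGER PRIMARY KEY, "
               "deposit INTEGER NOT NULL CHECK (deposit >= 0), "
               "cash INTEGER NOT NULL)")
    db.execute("INSERT INTO bank VALUES (1, 1, 0)")
    outcomes = []
    for raw in ("0." + "9" * 400, "1e1", "-1", "4294967296", "2", "1"):
        try:
            outcomes.append(withdraw(db, 1, raw))
        except ValueError:
            outcomes.append("rejected")
    row = db.execute("SELECT deposit, cash FROM bank WHERE uid = 1").fetchone()
    return outcomes, row
```

The first four constructed inputs are refused before any SQL runs, the over-balance withdrawal changes no row, and only the exact one-point withdrawal succeeds.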

克雷 周

Aug 2, 2009, 12:10:53 PM
to ph4...@googlegroups.com
I thought it was an ATM vulnerability

--- On Sat, Aug 1, 2009, ring04h <rin...@gmail.com> wrote:


h g

Aug 2, 2009, 8:27:22 PM
to ph4...@googlegroups.com
Just tried it, doesn't work

2009/8/1 ring04h <rin...@gmail.com>

Evlos

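Aug 2, 2009, 9:56:24 PM
to ph4...@googlegroups.com
Powered by PHPWind v7.0

Tried one, it doesn't seem to work...

2009/8/3 h g <info...@gmail.com>

--
What I smoke isn't cigarettes, it's loneliness
What I chat isn't chat, it's loneliness
What I eat isn't food, it's loneliness
What I crap isn't crap, it's loneliness
What I drink isn't water, it's loneliness
What I chase isn't girls, it's loneliness
What I watch isn't the game, it's loneliness
What I read isn't books, it's loneliness
What I sleep isn't sleep, it's loneliness
What I play isn't games, it's loneliness
What I watch isn't movies, it's loneliness
What I do isn't work, it's loneliness
What I tell isn't jokes, it's loneliness ....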

est

Aug 3, 2009, 12:24:09 AM
to Ph4nt0m
Tried it; total assets became -1, but with money deposited in the bank, the assets quickly grow from interest.

sunshine timego

Aug 2, 2009, 11:06:29 PM
to ph4...@googlegroups.com
Sigh! A bunch of bored people! I thought you could farm RMB

Cityhunter

Aug 2, 2009, 11:15:09 PM
to Ph4nt0m
The loneliness gang makes a shocking appearance

On Aug 3, 9:56 AM, Evlos <4ty...@gmail.com> wrote:

jinn jinn

Feb 7, 2010, 11:24:23 PM
to ph4...@googlegroups.com
Damn, deposit one yuan, is that on purpose?... Did countless people deposit one yuan?

On Aug 3, 2009 at 11:06 AM, sunshine timego <sti...@gmail.com> wrote:
Sigh! A bunch of bored people! I thought you could farm RMB






--
Keep it up!

sunshine timego

Feb 18, 2010, 12:42:53 AM
to ph4...@googlegroups.com
To the poster above: if it could farm RMB, would the likes of you and me ever get to know about it?