PW银行爆刷钱漏洞

LIN

unread,

Jul 28, 2009, 2:51:57 AM7/28/09

to Ph4nt0m

紧急：PW银行爆刷钱漏洞，附补丁 (6.3.2/7.x) -- 07月26日
http://www.phpwind.net/read-htm-tid-830532-page-1.html

bug描述:
因MySQL在自动转换整型数值时存在溢出,导致会员可利用银行插件提交恶意数据而进行刷积分。

有谁知道怎么利用吗？

Rinima!

unread,

Aug 1, 2009, 2:44:42 AM8/1/09

to ph4...@googlegroups.com

DZ插件也有不少漏洞呢。

这个银行刷了能做什么啊。。又不能换人民币。。

2009/7/28 LIN <jian...@gmail.com>

--
欢迎光临：http://www.rinima.com

ring04h

unread,

Aug 1, 2009, 11:07:00 AM8/1/09

to ph4...@googlegroups.com

存入银行一块钱，然后取钱

取钱的数值设置为： 0.99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999

无数个9, 这样就可以利用了。

2009/8/1 Rinima! <x...@rinima.com>

克雷周

unread,

Aug 2, 2009, 12:10:53 PM8/2/09

to ph4...@googlegroups.com

我还以为是提款机的漏洞

--- 09年8月1日，周六, ring04h <rin...@gmail.com> 写道：

发件人: ring04h <rin...@gmail.com>
主题: [Ph4nt0m] Re: PW银行爆刷钱漏洞
收件人: ph4...@googlegroups.com
日期: 2009年8月1日,周六,下午11:07

存入银行一块钱，然后取钱

取钱的数值设置为： 0.99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999

无数个9, 这样就可以利用了。

2009/8/1 Rinima! <x...@rinima.com>

DZ插件也有不少漏洞呢。

这个银行刷了能做什么啊。。又不能换人民币。。

2009/7/28 LIN <jian...@gmail.com>

紧急：PW银行爆刷钱漏洞，附补丁 (6..3.2/7.x) -- 07月26日

http://www.phpwind.net/read-htm-tid-830532-page-1.html

bug描述:
因MySQL在自动转换整型数值时存在溢出,导致会员可利用银行插件提交恶意数据而进行刷积分。

有谁知道怎么利用吗？

--

欢迎光临：http://www.rinima.com

好玩贺卡等你发，邮箱贺卡全新上线！

h g

unread,

Aug 2, 2009, 8:27:22 PM8/2/09

to ph4...@googlegroups.com

刚试了，不行啊

2009/8/1 ring04h <rin...@gmail.com>

Evlos

unread,

Aug 2, 2009, 9:56:24 PM8/2/09

to ph4...@googlegroups.com

Powered by PHPWind v7.0

试了一个没用的样子。。。

2009/8/3 h g <info...@gmail.com>

--
我抽的不是烟是寂寞
我聊的不是天是寂寞
我吃的不是饭是寂寞
我拉的不是屎是寂寞
我喝的不是水是寂寞
我泡的不是妞是寂寞
我看的不是球是寂寞
我读的不是书是寂寞
我睡的不是觉是寂寞
我玩的不是游戏是寂寞
我看的不是电影是寂寞
我干得不是工作是寂寞
我说的不是笑话是寂寞 ....

est

unread,

Aug 3, 2009, 12:24:09 AM8/3/09

to Ph4nt0m

试了一下，总资产为-1了，但是存银行会很快资产增加利息。

sunshine timego

unread,

Aug 2, 2009, 11:06:29 PM8/2/09

to ph4...@googlegroups.com

唉！一群无聊淫！我还以为能刷RMB呢

Cityhunter

unread,

Aug 2, 2009, 11:15:09 PM8/2/09

to Ph4nt0m

惊现寂寞党

On 8月3日, 上午9时56分, Evlos <4ty...@gmail.com> wrote:
> Powered by *PHPWind* <http://www.phpwind.net/> *v7.0*<http://www.phpwind.net/>
>
> 试了一个没用的样子。。。
>
> 2009/8/3 h g <infos...@gmail.com>
>
>
>
> > 刚试了，不行啊
>
> > 2009/8/1 ring04h <ring...@gmail.com>

>
> > 存入银行一块钱，然后取钱
> >> 取钱的数值设置为：
> >> 0.99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
> >> 无数个9, 这样就可以利用了。
>
> >> 2009/8/1 Rinima! <x...@rinima.com>
>
> >> DZ插件也有不少漏洞呢。
> >>> 这个银行刷了能做什么啊。。又不能换人民币。。
>

> >>> 2009/7/28 LIN <jianl...@gmail.com>

jinn jinn

unread,

Feb 7, 2010, 11:24:23 PM2/7/10

to ph4...@googlegroups.com

擦，存一块钱，是不是故意的，，，，无数人存了一块咩，

在 2009年8月3日上午11:06，sunshine timego <sti...@gmail.com>写道：

唉！一群无聊淫！我还以为能刷RMB呢

--~--~---------~--~----~------------~-------~--~----~
要向邮件组发送邮件，请发到 ph4...@googlegroups.com
要退订此邮件，请发邮件至 ph4nt0m-u...@googlegroups.com

-~----------~----~----~----~------~----~------~--~---

--
加油！

sunshine timego

unread,

Feb 18, 2010, 12:42:53 AM2/18/10

to ph4...@googlegroups.com

楼上的要是能刷RMB还能轮的到你我之辈知道嘛

Reply all

Reply to author

Forward

PW银行爆刷钱漏洞

LIN

Rinima!

ring04h

克雷 周

h g

Evlos

est

sunshine timego

Cityhunter

jinn jinn

sunshine timego

克雷周