» Menu
» OB/Site News
» Articles
» Barafranca News
kredu
| Registered: | 14:20:25 on 10-03-2011 (4793d 6h 12m 31s ago) |
| Role: |
Member
|
| Last activity: | 20:45:54 on 17-06-2014 (3597d 23h 47m 2s ago) |
| Country: |  Portugal |
| Comment count: | 8 (0 per day) |
| Quotes added: | 0 |
| Credits: | 10.00 |
| Placed bets: | 0 (0 won / 0 lost / 0 pending) |
23-01 Your thoughts...
17:39:27 - 24-01
23-01 Your thoughts...
14:58:40 - 24-01
How to replicate the bug:
$bullets = (int) $_POST['bullets'];
if ($bullets > 400) //error
else {
//stuff
mysql_query("UPDATE `users` SET `bullets` = `bullets` + ".mysql_real_escape_string($_POST['bullets'])." WHERE `userid` = ".$userid);
}
Great devs. :')
$bullets = (int) $_POST['bullets'];
if ($bullets > 400) //error
else {
//stuff
mysql_query("UPDATE `users` SET `bullets` = `bullets` + ".mysql_real_escape_string($_POST['bullets'])." WHERE `userid` = ".$userid);
}
Great devs. :')
18-01 Doping in Omerta?!
17:10:46 - 21-01
How is it possible they don't even cast variables to (int)?
18-01 Doping in Omerta?!
21:00:43 - 18-01
LOL
02-07 Pillory!
14:00:41 - 09-07
zenga at 13:52:48 on 03/07:
It's really sad that people need to cheat in order to play a game.
It's really sad that people need to cheat in order to play a game.
Since Omerta has a built-in script called lackeys, no one has the right to criticize those who prefer something alternative. ;)
How to replicate the bug:
$bullets = (int) $_POST['bullets'];
if ($bullets > 400) //error
else {
//stuff
mysql_query("UPDATE `users` SET `bullets` = `bullets` + ".mysql_real_escape_string($_POST['bullets'])." WHERE `userid` = ".$userid);
}
Great devs. :')
Actually bug happens in the opposite way, not that way.
When the verification has no cast made but the (int) cast is made after verification...
So 900e+100 would pass verification of <900 and then would be casted to 90000000000 in QUERY.