» Menu

» Login

» OB/Site News

Omerta News Integration
Comments: 58 - Views: 55090 - Votes: 0
War rating
Comments: 10 - Views: 26413 - Votes: 4
Reporters Wanted!
Comments: 2 - Views: 18351 - Votes: 3
» Articles
Date Comments Rating

General Comments & Major Rumors
Comments: 57,995 - Views: 16,017,390 - Votes: 81
Article is Locked!
Endless Struggle !
Comments: 514 - Views: 17,865 - Votes: 0
23-09 Reset → 30 September 2022, Friday → 12:00 OT
Comments: 72 - Views: 8,930 - Votes: 0
30-09 Welcome to Round #40!
Comments: 2 - Views: 2,192 - Votes: 0
19-09 Congratulations Reichsthaler!
Comments: 0 - Views: 2,060 - Votes: 0
01-09 Not Penny's boat..
Comments: 72 - Views: 18,407 - Votes: 0
21-08 First Family!
Comments: 6 - Views: 2,615 - Votes: 0
12-08 Welcome to Round #39
Comments: 5 - Views: 2,517 - Votes: 0
03-08 Reset → 12 August 2022, Friday → 10:00 OT
Comments: 17 - Views: 5,285 - Votes: 0
27-07 Congratulations Vengeance!
Comments: 8 - Views: 2,731 - Votes: 0
go back
go forward
» Barafranca News

No news found. Reset in progress?
» Online last 15 minutes

Guests: 596
Total members: 3751
Online: 0 (0%)
Members:
» Profile


kredu
Link
Registered: 14:20:25 on 10-03-2011 (5036d 15h 41m 12s ago)
Role:
Member
Last activity: 20:45:54 on 17-06-2014 (3841d 9h 15m 43s ago)
Country: Portugal Portugal
Comment count: 8 (0 per day)
Quotes added: 0
Credits: 10.00
Placed bets: 0 (0 won / 0 lost / 0 pending)
23-01 Your thoughts...
Link
17:39:27 - 24-01
trepatudo at 15:32:26 on 24/01:
kredu at 14:58:40 on 24/01:
How to replicate the bug:

$bullets = (int) $_POST['bullets'];
if ($bullets > 400) //error
else {
//stuff
mysql_query("UPDATE `users` SET `bullets` = `bullets` + ".mysql_real_escape_string($_POST['bullets'])." WHERE `userid` = ".$userid);
}

Great devs. :')

Actually bug happens in the opposite way, not that way.

When the verification has no cast made but the (int) cast is made after verification...
So 900e+100 would pass verification of <900 and then would be casted to 90000000000 in QUERY.
Nope, '900e+100' is interpreted as 90000 by PHP and mySQL, so It would fail the validations. The only way it passes is by casting it to int causing it to be evaluated as 900 (weird php); and using the uncasted value for database query (noob devs).
23-01 Your thoughts...
Link
14:58:40 - 24-01
How to replicate the bug:

$bullets = (int) $_POST['bullets'];
if ($bullets > 400) //error
else {
//stuff
mysql_query("UPDATE `users` SET `bullets` = `bullets` + ".mysql_real_escape_string($_POST['bullets'])." WHERE `userid` = ".$userid);
}

Great devs. :')
18-01 Doping in Omerta?!
Link
17:10:46 - 21-01
How is it possible they don't even cast variables to (int)?
18-01 Doping in Omerta?!
Link
21:00:43 - 18-01
LOL
02-07 Pillory!
Link
14:00:41 - 09-07
zenga at 13:52:48 on 03/07:
It's really sad that people need to cheat in order to play a game.

Since Omerta has a built-in script called lackeys, no one has the right to criticize those who prefer something alternative. ;)