刚试了,不行啊 2009/8/1 ring04h <[email protected]>
> 存入银行一块钱,然后取钱 > 取钱的数值设置为: > 0.99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999 > 无数个9, 这样就可以利用了。 > > 2009/8/1 Rinima! <[email protected]> > > DZ插件也有不少漏洞呢。 >> 这个银行刷了能做什么啊。。又不能换人民币。。 >> >> 2009/7/28 LIN <[email protected]> >> >>> 紧急:PW银行爆刷钱漏洞,附补丁 (6.3.2/7.x) -- 07月26日 >>> http://www.phpwind.net/read-htm-tid-830532-page-1.html >>> >>> bug描述: >>> 因MySQL在自动转换整型数值时存在溢出,导致会员可利用银行插件提交恶意数据而进行刷积分。 >>> >>> 有谁知道怎么利用吗? >>> >>> -- >>> 欢迎光临:http://www.rinima.com >>> >>> >>> --~--~---------~--~----~------------~-------~--~----~ 要向邮件组发送邮件,请发到 [email protected] 要退订此邮件,请发邮件至 [email protected] -~----------~----~----~----~------~----~------~--~---
