作者:T00ls 核心成员 Xhm1n9
时间:2010.8.19
1:joinvipgroup.php //注入
function up_vipuser(){
global $lang,$db,$dv,$userid,$userinfo,$vipgroupuser;
$groupid=$_POST['vipgroupid'];
$btype=$_POST['Btype'];
$vipmoney=$_POST['vipmoney'];
$vipticket=$_POST['vipticket'];
if($groupid==0 or $vipmoney
showmsg($lang['join.info4']);
exit;
}
$issql=$db->scalar("SELECT count(1) FROM {$dv}usergroups WHERE parentgid=5 and usergroupid='".intval($groupid)."'");echo $issql;
if($issql>0 AND ($sql=$db->query("SELECT usergroupid,title,usertitle,groupsetting,grouppic FROM {$dv}usergroups WHERE parentgid=5 and usergroupid='".intval($groupid)."'"))){
while ($arr=$db->fetch_array($sql)){
$vipgroupsetting=explode(",",$arr['groupsetting']);
$upsetting=explode($lang['join.separator1'], $vipgroupsetting[71]);//'升级到该组所需金币数 金币数§点券数§有效天数§最低天数
if($btype==1){echo "???";
$vipmoney=0;
if(intval($upsetting[3])>0){
$mustnum=$upsetting[3]*$upsetting[1]/$upsetting[2];
if($mustnum>0){
$mustnum=number_format($mustnum,0);
}else{
showmsg($lang['join.info5']);
exit;
}
}
if($userinfo['userticket']
showmsg($lang['join.info6']);
exit;
}
$updats=$vipticket*$upsetting[2]/$upsetting[1];
$updats=intval(number_format($updats,0));
}else{echo "&&&";
$vipticket=0;
if($upsetting[3]>0){
$mustnum=$upsetting[3]*$upsetting[0]/$upsetting[2];
if($mustnum>0){
$mustnum=number_format($mustnum,0);
}else{
showmsg($lang['join.info5']);
exit;
}
}
var_dump($userinfo['usermoney']
var_dump($vipmoney
if($userinfo['usermoney']
showmsg($lang['join.info7']);
exit;
}
$updats=$vipmoney*$upsetting[2]/$upsetting[0];
$updats=intval(number_format($updats,0));
}
if($vipgroupuser===true){echo "%%%";
$db->query("UPDATE {$dv}user SET usergroupid=".$groupid.",userclass='".$arr['usertitle']."',titlepic='".$arr['grouppic']."',usermoney=usermoney-".$vipmoney.",userticket=userticket-".$vipticket.",vip_endtime='".($userinfo['vip_endtime']+$updates*24*3600)."' WHERE userid=".$userid."");
$db->query("UPDATE {$dv}online SET usergroupid='$groupid' Where userid=$userid");
}else{echo "^^^";
$db->query("UPDATE {$dv}user SET usergroupid=".$groupid.",userclass='".$arr['usertitle']."',titlepic='".$arr['grouppic']."',usermoney=usermoney-".$vipmoney.",userticket=userticket-".$vipticket.",vip_endtime='".(TIME_NOW+$updates*24*3600)."',vip_startime='".TIME_NOW."' WHERE userid=".$userid."");
$db->query("UPDATE {$dv}online SET usergroupid='$groupid' Where userid=$userid");
}
..............................................................
$vipmoney变量没有过滤,利用前提是管理员设了vip会员组,有点金币:)
文章来源于lcx.cc:【转载】dvbbs php2.0 的几处 0day
写完了“富二代问题”(相见:https://lcx.cc/post/466/),又想起一个“宅男”问题,在这里接着讨论一下。 首先,什么是宅男:宅男是指每天憋在屋子里不出去社会交往,沉迷于玩电脑游戏、网络聊天、泡论坛、看动漫、看电视连续剧的这群人。 宅男,不是…
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论