Bank - SQL "bug"

Einstein
Fledgling Forumer
Posts: 105
Joined: Sun Jun 11, 2006 6:32 am
ID: 0
Location: Portugal

Bank - SQL "bug"

When you enter anything other than numbers on the bank, it shows this:

Query2 failed: update `UserDetails` set gold=gold-,bank=bank+0, bankCount=bankCount+1 WHERE ID='49443' #/bank2.phpYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'bank=bank+0, bankCount=bankCount+1 WHERE ID='49443' #/bank2.php' at line 1
Warning: Cannot modify header information - headers already sent by (output started at /game/stargame/stargatewars.com/vsys.php:1056) in /game/stargame/stargatewars.com/bank2.php on line 73


Not really a BUG, but the value should be tested first and you should never send the SQL msg back to the user... half way to being haxed is intel and you're giving some there.
Blackburn
Forum Regular
Posts: 740
Joined: Tue Oct 24, 2006 4:56 am
Alliance: Ω Allegiance
Race: System Lord
ID: 90384

Re: Bank - SQL "bug"

I hope people won't be able to exploit this bug.

Kinda weird bug tho.
Scott
Forum Newbie
Posts: 33
Joined: Mon Jul 17, 2006 7:03 am

Re: Bank - SQL "bug"

This bug is not exploitable though it does reveal enough about the structure of the database to be used if another section of code is found to be exploitable.

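function posing($inp){

    // Coerce the input to an integer (non-numeric strings become 0)
    $inp = intval($inp);
    // Flip negative values to positive
    if($inp < 0){
        $inp = $inp*-1;
    }

    return $inp;

}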
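
The two points raised in this thread (test the value before it reaches the query, and keep the SQL error text away from the user) can be sketched as follows. This is an added example, not part of any post and not the game's own code: the table and column names are taken from the error message above, while the function names, the SQLite in-memory database, the balance check and the sample row are assumptions made for illustration.

```php
<?php
// Added example: table and column names come from the error message in the
// thread; function names, SQLite backend and sample row are assumptions.

// Accept only a plain positive decimal integer; reject everything else.
function parseAmount(string $raw): ?int {
    $raw = trim($raw);
    if ($raw === '' || !ctype_digit($raw) || strlen($raw) > 12) {
        return null;
    }
    $n = (int)$raw;
    return $n > 0 ? $n : null;
}

// Returns a short, generic status string that is safe to show to the player.
function deposit(PDO $db, int $userId, string $rawAmount): string {
    $amount = parseAmount($rawAmount);
    if ($amount === null) {
        return 'Please enter a whole number greater than zero.';
    }
    try {
        // Bound parameters keep the value out of the SQL text; the gold >= ?
        // condition (an assumption) refuses deposits larger than gold on hand.
        $stmt = $db->prepare(
            'UPDATE UserDetails SET gold = gold - ?, bank = bank + ?,
                    bankCount = bankCount + 1
              WHERE ID = ? AND gold >= ?'
        );
        $stmt->execute([$amount, $amount, $userId, $amount]);
        return $stmt->rowCount() === 1 ? 'Deposit complete.' : 'Not enough gold.';
    } catch (PDOException $e) {
        // Full detail goes to the server log only, never into the page.
        error_log('bank deposit failed: ' . $e->getMessage());
        return 'Something went wrong. Please try again later.';
    }
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE UserDetails (ID INTEGER PRIMARY KEY, gold INTEGER, bank INTEGER, bankCount INTEGER)');
$db->exec('INSERT INTO UserDetails VALUES (1, 500, 0, 0)');

foreach (['abc', '', '-5', '1e3', '200', '9999'] as $input) {
    printf("%-6s => %s\n", var_export($input, true), deposit($db, 1, $input));
}
```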