kppw 最新版前台无条件sql注入一枚

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: rt ### 详细说明: /www/lib/inc/CommonClass.php ``` public static function changehongbao($task_id,$moneys,$uid,$money,$title,$g) { $result=db_factory::get_one('select * from '.TABLEPRE.'witkey_space where uid='.$uid); if($g){ $newbalance=$result['balance']-$money+$moneys; db_factory::query('update '.TABLEPRE.'witkey_space set balance='.$newbalance.' where uid='.$uid); keke_finance_class::insert_trust("in", "task_xg", $uid, -$money+$moneys, $newbalance); }else{ $newbalance=$result['balance']+$money; keke_finance_class::insert_trust("in", "finish_task", $uid,$money, $newbalance,$task_id); db_factory::query('update '.TABLEPRE.'witkey_space set balance='.$newbalance.' where uid='.$uid); db_factory::query('update '.TABLEPRE.'witkey_space set is_hongbao=1 where uid='.$uid); db_factory::query('update '.TABLEPRE.'witkey_task_work set work_status=4 where uid='.$uid.' and task_id='.$task_id); } if(!$g){ $v_arr = array ( "红包任务" => '【'.$title.'】', "红包金额" => $money );...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息