phpmps 注入一枚

简要描述： 过滤不严。 详细说明： 在member.php case 'checkinfogold': $json = new ServicesJSON; extract$REQUEST; $mgold = $db-getOne"select gold from $tablemember where userid='$userid' "; $data'kou' = $CFG'infotopgold' intval$number; $data'gold' = $mgold - $data'kou'; $data=$json-encode$data; echo $data; break;...