Hi guys,
VBCredit has a big exploit that lets every user cheat easily. When the credit popup opens, just click the submit button repeatedly as fast as you can (of course after you enter the amount to donate to this user); the engine does not provide a policy to prevent that, such as preventing multiple submits. The credit points of the sender can become a negative number, and the credit points of the receiver, sadly enough, can be exactly the donation amount multiplied by the number of clicks (usually 2-4).
I tried to add a little JavaScript to this submit button (onclick="this.disabled=true") to prevent multiple submits, but I think it's not a good solution. Anyone can use Chrome or FF Firebug to edit and delete my onclick code easily.
So it is up to the DBT team to fix it in the core engine.
Thanks.
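A server-side guard against the repeated submit described in the post above, as an added example that is not part of the original post and not vBCredits code: a one-time form token rejects duplicate submits, and a conditional debit keeps the sender's balance from going negative. The table names, the `donate` function and the per-form token are assumptions, and SQLite stands in for the forum's database.

```python
import sqlite3

def open_db():
    # Hypothetical schema; autocommit mode so we control BEGIN/COMMIT ourselves.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY,
                            credits INTEGER NOT NULL CHECK (credits >= 0));
        CREATE TABLE donations (token TEXT PRIMARY KEY, sender INTEGER,
                                receiver INTEGER, amount INTEGER);
    """)
    return db

def donate(db, token, sender, receiver, amount):
    """Apply one donation atomically. Returns True if applied, False if rejected."""
    if amount <= 0 or sender == receiver:
        return False
    db.execute("BEGIN IMMEDIATE")  # take the write lock before touching balances
    try:
        # One token per rendered form: a repeated submit violates the PRIMARY KEY.
        db.execute("INSERT INTO donations VALUES (?, ?, ?, ?)",
                   (token, sender, receiver, amount))
        # Balance check and debit in a single statement, so two requests
        # cannot both pass a separate "has enough credits" read.
        cur = db.execute("UPDATE users SET credits = credits - ? "
                         "WHERE id = ? AND credits >= ?", (amount, sender, amount))
        if cur.rowcount != 1:
            raise ValueError("insufficient credits or unknown sender")
        cur = db.execute("UPDATE users SET credits = credits + ? WHERE id = ?",
                         (amount, receiver))
        if cur.rowcount != 1:
            raise ValueError("unknown receiver")
        db.execute("COMMIT")
        return True
    except (sqlite3.IntegrityError, ValueError):
        db.execute("ROLLBACK")  # undo the token insert and any partial debit
        return False

def demo():
    db = open_db()
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, 100), (2, 0)])
    # Constructed input: four rapid clicks on one form (same token), then a new form.
    results = [donate(db, "form-a", 1, 2, 60) for _ in range(4)]
    results.append(donate(db, "form-b", 1, 2, 60))  # only 40 credits remain
    return results, dict(db.execute("SELECT id, credits FROM users ORDER BY id"))

if __name__ == "__main__":
    print(demo())
```

The client-side `disabled` attribute can stay as a usability measure; the checks that decide the outcome run in the database transaction.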