A rare loophole in giants (making you the richest person in the journey)

A rare loophole in giants (making you the richest person in the journey)

Maybe I'm a little surprised at the moment.

Giant Mall journey this can change point card, feel a little interesting, continue to look down

Then I was surprised to find out this thing at http://jf.ztgame.com/tmp/config.txt. you can view the data library configuration directly.
 

It is a coincidence that the configuration of each database and the account and password are described in detail... The website also has a phpmyadmin
 

Then, use the account and password recorded by him to connect to the system... (2000) The config.txt record is so important that you have no permission to access the database, more than tables, including the managed account and password, and user information, there are credit item information, and... No redeem credit card!
 

The following two figures show that the converted card has a UNIX Timestamp and a key card table... There is no timestamp. It's a little amazing. Don't continue testing at this point.
 

 

User information includes user accounts and hash, and information about physical exchange records is leaked.
 

Finally, the shopping mall product card redemption requires a number of points, but it is modified. In the dark of night, the shopping mall will be able to redeem a lot of cards, redeem points, and redeem equipment. It is definitely the best thing to do. Of course it is not serious, friendship test without any data
 

I skipped the CAPTCHA human bypass review to help me with the code. Is there a gift?

 

 

Solution:

You can control the permissions.