MODELCAR.HK

Taobao (淘寶) Security Hole? PHP Code Exposed!

By admin, December 13, 2012 6:53 pm

This is so strange when I typed in “18 Mulsanne” in Taobao today and suddenly the result page turns into raw PHP code, it must be a serious security hole somewhere, probably it’s server got hacked. However, consequence searches all return normal result, just wired!

<?php

include "common.inc.php";
include "{$ROOT}/common/base32.inc.php";
$location_url = "/search?";
if ((isset($_SERVER["SCRIPT_NAME"]) && $_SERVER["SCRIPT_NAME"] ===
"/browse/search_auction.htm") || isset($_GET["taoke_from"])
&& $_GET["taoke_from"] === "search_auction") {
    foreach ($_GET as $k => $v) {
        if (!empty($v) && array_key_exists($k, $PARAMS)) {
            if (in_array($k, array('q', 'loc'))) {
                if (isset($_GET["_input_charset"]) && $_GET["_input_charset"]
=== 'utf-8') {
                    $v = urlencode(iconv('UTF-8', 'GBK', $v));
                } else {
                    $v = urlencode($v);
                }
            }
            $location_url .= $k . "=" . trim($v) . "&";
        }
    }
    $location_url = rtrim($location_url, '&');
    header("Location:$location_url");
    exit();
}
if (($_GET["cat"] <> "
...

Network & Server (網絡及服務器)

December 2025

M T W T F S S

« Nov

1 2 3 4 5 6 7

8 9 10 11 12 13 14

15 16 17 18 19 20 21

22 23 24 25 26 27 28

29 30 31
Categories
- Collecting Path (收藏之路) (1560)
- Die-Cast Models (汽車模型) (202)
  - Alfa Romeo (愛快羅密歐) (3)
  - Aston Martin (阿斯頓馬丁) (7)
  - Austin-Healey (奧斯汀-希利) (1)
  - Bentley (賓利) (8)
  - Bugatti (布加迪) (2)
  - Dodge (道奇) (3)
  - Ferrari (法拉利) (99)
  - Ford (福特) (4)
  - Honda (本田) (1)
  - Jaguar (捷豹) (2)
  - Koenigsegg (科尼賽克) (1)
  - Lamborghini (林寶堅尼) (11)
  - Lancia (藍旗亞) (1)
  - Land Rover (路虎) (1)
  - Maybach (邁巴赫) (1)
  - Mazda (萬事得) (1)
  - Mercedes-Benz (奔馳) (5)
  - Nissan (日產) (9)
  - Porsche (保時捷) (41)
  - Rolls Royce (勞斯萊斯) (1)
- For Sale & Wanted (出售及徵求) (20)
- Links (連接) (65)
- News (新聞) (136)
- Others (其它) (1037)
  - Delicious Food (美食) (56)
  - General (一般) (212)
  - Movie (電影) (52)
  - Music (音樂) (82)
  - Network & Server (網絡及服務器) (273)
    - Equallogic & VMWare (虛擬化技術) (180)
  - Photography (攝影) (62)
  - Tennis (網球) (154)
    - Hong Kong Tennis Classic (香港網球精英賽) (7)
  - Travel (旅遊) (158)
    - 2010 Angkor Wat (吳哥窟) (24)
    - 2010 Pattaya (芭堤雅) (4)
    - 2013 Kansai (京阪神) (11)
    - 2014 Kansai (京阪) (1)
    - 2015 Kansai (京阪) (19)
    - 2015 Russia (俄羅斯) (68)
    - 2016 Kansai (京阪) (15)
    - 2017 Eastern Europe (東歐) (1)
    - 2018 Portugal Spain (葡萄牙/西班牙) (1)
    - 2019 Ça c'est la vraie vie! (法國) (2)
    - 2019 Kansai (京阪) (1)
- Real Car Snaphot (實車隨拍) (329)
Recent Comments
- William Bruce on About 關於
- Christian on About 關於
- admin on 1961年法拉利勇奪英國銀石賽道的1-2-3名!
- John Moore on Ferrari 250 GTO: CMC 與 Kyosho的外型對比 (轉文)
- whl on 1961年法拉利勇奪英國銀石賽道的1-2-3名!
- admin on Khyzyl Saleem INFINITY
- József Szajkó on Khyzyl Saleem INFINITY
- admin on 1/18 Exoto Ferrari 250 LM (RLG18460)
- Raymond on 1/18 Exoto Ferrari 250 LM (RLG18460)
- Raymond on 新旧竟然意外的融和
Archives
- November 2025 (1)
- October 2025 (1)
- September 2025 (2)
- August 2025 (1)
- July 2025 (3)
- June 2025 (7)
- May 2025 (2)
- April 2025 (1)
- March 2025 (1)
- February 2025 (1)
- January 2025 (2)
- December 2024 (1)
- October 2024 (1)
- September 2024 (2)
- August 2024 (1)
- July 2024 (5)
- June 2024 (1)
- May 2024 (2)
- April 2024 (7)
- March 2024 (2)
- February 2024 (4)
- January 2024 (5)
- December 2023 (3)
- November 2023 (1)
- October 2023 (4)
- September 2023 (1)
- August 2023 (3)
- July 2023 (2)
- June 2023 (1)
- May 2023 (2)
- April 2023 (7)
- March 2023 (1)
- February 2023 (2)
- January 2023 (1)
- December 2022 (1)
- November 2022 (1)
- October 2022 (3)
- September 2022 (3)
- August 2022 (9)
- July 2022 (5)
- June 2022 (4)
- May 2022 (7)
- April 2022 (9)
- March 2022 (3)
- February 2022 (7)
- January 2022 (12)
- December 2021 (5)
- November 2021 (9)
- October 2021 (3)
- September 2021 (11)
- August 2021 (19)
- July 2021 (5)
- June 2021 (3)
- May 2021 (10)
- April 2021 (11)
- March 2021 (3)
- February 2021 (6)
- January 2021 (4)
- December 2020 (11)
- November 2020 (3)
- October 2020 (10)
- September 2020 (7)
- August 2020 (9)
- July 2020 (5)
- June 2020 (7)
- May 2020 (3)
- April 2020 (5)
- March 2020 (6)
- February 2020 (3)
- January 2020 (15)
- December 2019 (27)
- November 2019 (6)
- October 2019 (7)
- September 2019 (10)
- August 2019 (7)
- July 2019 (8)
- June 2019 (8)
- May 2019 (4)
- April 2019 (20)
- March 2019 (17)
- February 2019 (10)
- January 2019 (9)
- December 2018 (26)
- November 2018 (22)
- October 2018 (17)
- September 2018 (12)
- August 2018 (21)
- July 2018 (7)
- June 2018 (16)
- May 2018 (30)
- April 2018 (25)
- March 2018 (24)
- February 2018 (29)
- January 2018 (33)
- December 2017 (20)
- November 2017 (20)
- October 2017 (16)
- September 2017 (29)
- August 2017 (10)
- July 2017 (11)
- June 2017 (20)
- May 2017 (33)
- April 2017 (19)
- March 2017 (26)
- February 2017 (12)
- January 2017 (35)
- December 2016 (45)
- November 2016 (36)
- October 2016 (25)
- September 2016 (36)
- August 2016 (23)
- July 2016 (9)
- June 2016 (16)
- May 2016 (20)
- April 2016 (26)
- March 2016 (65)
- February 2016 (42)
- January 2016 (60)
- December 2015 (44)
- November 2015 (30)
- October 2015 (37)
- September 2015 (35)
- August 2015 (31)
- July 2015 (17)
- June 2015 (86)
- May 2015 (39)
- April 2015 (21)
- March 2015 (49)
- February 2015 (24)
- January 2015 (40)
- December 2014 (12)
- November 2014 (8)
- October 2014 (17)
- September 2014 (29)
- August 2014 (15)
- July 2014 (22)
- June 2014 (11)
- May 2014 (23)
- April 2014 (26)
- March 2014 (28)
- February 2014 (27)
- January 2014 (23)
- December 2013 (13)
- November 2013 (17)
- October 2013 (17)
- September 2013 (11)
- August 2013 (23)
- July 2013 (18)
- June 2013 (21)
- May 2013 (44)
- April 2013 (35)
- March 2013 (52)
- February 2013 (28)
- January 2013 (21)
- December 2012 (18)
- November 2012 (11)
- October 2012 (17)
- September 2012 (30)
- August 2012 (55)
- July 2012 (26)
- June 2012 (33)
- May 2012 (25)
- April 2012 (32)
- March 2012 (14)
- February 2012 (5)
- January 2012 (12)
- December 2011 (20)
- November 2011 (25)
- October 2011 (25)
- September 2011 (24)
- August 2011 (18)
- July 2011 (27)
- June 2011 (34)
- May 2011 (41)
- April 2011 (34)
- March 2011 (21)
- February 2011 (19)
- January 2011 (15)
- December 2010 (12)
- November 2010 (4)
- October 2010 (37)
- September 2010 (9)
- August 2010 (14)
- July 2010 (8)
- June 2010 (17)
- May 2010 (19)
- April 2010 (15)
- March 2010 (50)
- February 2010 (13)
- January 2010 (23)
- December 2009 (15)
- November 2009 (17)
- October 2009 (29)
- September 2009 (29)
- August 2009 (24)
- July 2009 (18)
- June 2009 (2)
- May 2009 (2)
- April 2009 (2)
- March 2009 (5)
- February 2009 (7)
- December 2008 (1)
- November 2008 (1)
- October 2008 (5)
- September 2008 (3)
- August 2008 (3)
- July 2008 (2)
- February 2008 (1)

My Die-Cast Collection & Interests

Taobao (淘寶) Security Hole? PHP Code Exposed!

Leave a Reply

Categories

Recent Comments

Archives

December 2025
M	T	W	T	F	S	S
« Nov
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31