關於最近易支付漏洞 (The recent vulnerability of Yipay)

隨筆 · 2024-03-16 · 1002 人浏览
關於最近易支付漏洞 (The recent vulnerability of Yipay)

2024.3.14日出現了易支付的漏洞,一個頻道推出了機器人用來提供測試,我注意到很多人都刷著網站的錢來套現,後來據説原理并不是sql注入而是僞造通訊地址。(On March 14, 2024, a vulnerability in YiPay emerged, and a channel launched a bot to provide testing. I noticed that many people were using the website's money to cash out. Later, it was said that the principle was not SQL injection but forged communication addresses.)

我的理解:商城網站填寫通訊地址和易支付網站對接支付系統,儅通訊返回真,則支付成功。那麽通過bot一系列操作讀取了通訊地址並返回真,造成了商城網站誤以爲已經支付。(如果你知道更多信息可以留言給我。) (My understanding: When filling out the communication address on the mall website and connecting to the payment system of the YiPay website, the payment is successful when the communication returns true. Then, through a series of operations, the bot reads the communication address and returns true, causing the mall website to mistakenly think that the payment has been made. If you have any idea about that, please leave a comment bellow)

最新版修復易支付下載地址(Latest version of the repaired Yipay)

  1. nans 2024-03-31


    1. Xue Li (作者)  2024-04-01

      sorry.my google account blocked...

  2. Tomiya 2024-03-23


    1. Xue Li (作者)  2024-03-23


      1. Tomiya 2024-03-23
        @Xue Li


        1. Xue Li (作者)  2024-03-23


          1. Tomiya 2024-03-24
            @Xue Li


            1. Xue Li (作者)  2024-03-24


本站立足于美利堅合衆國,請讀者自覺遵守當地法律!如有違規,本站不承擔任何法律責任! This site is based in the United States of America, readers are requested to abide by local laws! If there are any violations, this site does not bear any legal responsibility! Theme Jasmine by Kent Liao