On March 14, 2024, a vulnerability in YiPay emerged, and a channel launched a bot to provide testing. I noticed that many people were using the website's money to cash out. Later, it was said that the principle was not SQL injection but a forged communication address.
My understanding: the mall website fills in a communication address and connects to the payment system of the YiPay website; when the communication returns true, the payment is successful. So, through a series of operations, the bot read the communication address and returned true, causing the mall website to mistakenly think that the payment had been made. (If you know more, please leave me a comment.)
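A merchant-side illustration of the trust problem described above, added here as an example and not code from the original post or from YiPay: a handler that believes the returned status, beside one that checks authenticity, order and amount before marking anything paid. The key, the field names, the in-memory order store and the use of HMAC-SHA256 are all assumptions made for the sketch.

```python
import hashlib
import hmac

# Constructed sample values; the key, field names and order store are
# hypothetical and are not taken from YiPay or any real gateway.
MERCHANT_KEY = b"constructed-demo-key"
ORDERS = {"A1001": {"amount": "9.90", "paid": False}}


def sign(params: dict, key: bytes = MERCHANT_KEY) -> str:
    """HMAC-SHA256 over the sorted key=value pairs, excluding 'sign'."""
    msg = "&".join(f"{k}={params[k]}" for k in sorted(params) if k != "sign")
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


def naive_notify(params: dict) -> bool:
    """Weak check: believes whatever status the request carries."""
    return params.get("status") == "success"


def verified_notify(params: dict, orders: dict = ORDERS) -> bool:
    """Mark an order paid only if the notice is authentic and matches it."""
    supplied = params.get("sign", "")
    if not hmac.compare_digest(supplied, sign(params)):
        return False                      # not produced with the shared key
    order = orders.get(params.get("order_id"))
    if order is None or order["paid"]:
        return False                      # unknown order or replayed notice
    if params.get("amount") != order["amount"]:
        return False                      # amount differs from what was billed
    if params.get("status") != "success":
        return False
    order["paid"] = True
    return True


def demo() -> tuple:
    unsigned = {"order_id": "A1001", "amount": "9.90", "status": "success"}
    genuine = dict(unsigned)
    genuine["sign"] = sign(genuine)
    return (naive_notify(unsigned), verified_notify(unsigned),
            verified_notify(genuine), verified_notify(genuine))


if __name__ == "__main__":
    print(demo())  # (True, False, True, False)
```

The last two results differ because the second delivery of the same signed notice is treated as a replay once the order is already marked paid.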
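I can't download it, it returns a 404.
Sorry, my Google account was blocked...
After installing this YiPay, visiting it gives a 500 error.
You need to configure Nginx. See my other tutorial for details.
I can't find it. Could you give me the link to the other tutorial?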
https://blog.xueli.lol/WelfareSharing/690.html
It says:
Page not found
We can't find the page you're looking for, return to the home page
[https://img2.imgtp.com/2024/03/24/h48S9v1d.png]
It's fixed now.