關於最近易支付漏洞 (The recent vulnerability of Yipay)

隨筆 · 03-16 · 859 人浏览
關於最近易支付漏洞 (The recent vulnerability of Yipay)

2024.3.14日出現了易支付的漏洞,一個頻道推出了機器人用來提供測試,我注意到很多人都刷著網站的錢來套現,後來據説原理并不是sql注入而是僞造通訊地址。(On March 14, 2024, a vulnerability in YiPay emerged, and a channel launched a bot to provide testing. I noticed that many people were using the website's money to cash out. Later, it was said that the principle was not SQL injection but forged communication addresses.)

我的理解:商城網站填寫通訊地址和易支付網站對接支付系統,儅通訊返回真,則支付成功。那麽通過bot一系列操作讀取了通訊地址並返回真,造成了商城網站誤以爲已經支付。(如果你知道更多信息可以留言給我。) (My understanding: When filling out the communication address on the mall website and connecting to the payment system of the YiPay website, the payment is successful when the communication returns true. Then, through a series of operations, the bot reads the communication address and returns true, causing the mall website to mistakenly think that the payment has been made. If you have any idea about that, please leave a comment bellow)

最新版修復易支付下載地址(Latest version of the repaired Yipay)

  1. nans 03-31

    下载不了,404了

    1. Xue Li (作者)  04-01
      @nans

      sorry.my google account blocked...

  2. Tomiya 03-23

    这个易支付安装上之后,访问会500错误哇

    1. Xue Li (作者)  03-23
      @Tomiya

      需要配置Nginx。詳細看我另一個教程。

      1. Tomiya 03-23
        @Xue Li

        找不到哇,可以给我另一个教程的链接嘛

        1. Xue Li (作者)  03-23
          @Tomiya

          https://blog.xueli.lol/WelfareSharing/690.html

          1. Tomiya 03-24
            @Xue Li

            提示:
            未找到页面
            我们找不到您想要的页面,返回首页
            [https://img2.imgtp.com/2024/03/24/h48S9v1d.png]

            1. Xue Li (作者)  03-24
              @Tomiya

              好了。

本站立足于美利堅合衆國,請讀者自覺遵守當地法律!如有違規,本站不承擔任何法律責任! This site is based in the United States of America, readers are requested to abide by local laws! If there are any violations, this site does not bear any legal responsibility! Theme Jasmine by Kent Liao