This website requires Javascript to function properly. Please go to the setting of your web browser and enable Javascript for this website.
×
Loading...
Close
Home
Share
这种攻击手法应该属于网站挂马,
winterfish
(潜水鱼(\ (•◡•) /))
链接打开的网页有木马程序,被下载到本地然后读取了本地手机cache的支付宝用户名和密码,然后传回网站,攻击者得到信息就能登录进去。不过有一点不能确定就是支付宝换一个设备登录应该会发送手机短信验证码,不知道它是怎么绕过这个机制的。难道手机cookie里面有不需要手机验证的flag吗?
(#11291648@0)
Last Updated: 2018-1-15
This post has been archived. It cannot be replied.
Share
Report
Replies, comments and Discussions:
好么,真有这个问题,苹果手机再贵也买对了。
枫下论坛主坛
/
枫下家园
/
电脑电信