Exploration on the project of making money by general vulnerability assessment of network card issuing platform

In this article, you will learn the following skills.

1. Capture the network data of a piece of software.

2. Understand the vulnerability formation principle of card issuing platform.

3. Get some resources.

4. Project mining.

I accidentally came across a Baidu collection tool that can obtain other people's Baidu cloud disk accounts and passwords.

It's amazing. I'm curious about how the software collects other people's account passwords.

Since the software can obtain Baidu accounts, just capture the data packets it sends and you will know how it obtains them.

1. Close all web pages and programs, and only open Baidu acquisition software.

Click the "Get Resources" button of Baidu acquisition software, wait for 2 seconds, and then check "WinSockExpert".

The captured packets are shown in the following figure.

As can be seen from the POST data indicated by the arrow, the software sends its requests to websites, using paths such as:

/chaxun

/orderquery?St=contact person&kw=123456789

/orderquery.htm?St=contact person&kw=123456789

Next, let's talk about the principle.

Users can purchase all kinds of activation cards, account passwords, recharge cards and other information without registering on the automatic delivery platform. The only proof of purchase is "order number" and "contact information".

The order number is generated randomly. If someone accidentally closes the web page after buying, the card can no longer be found. To guard against this, the platform lets users query their purchase records through the contact information filled in at the time of purchase. That contact information is whatever the buyer typed, and many buyers type a throwaway value such as 123456789, so anyone who queries with that value is shown those buyers' orders.

How can the platform close the loophole?

Option 1: Disable viewing orders by contact information.

Option 2: Forbid users from entering values such as 123456789, which are the equivalent of a weak password.

Option 3: Only orders placed within the last 10 minutes can be viewed.

Options 1 and 3 are the recommended ones, especially option 1: it is simple to implement, just delete the contact-information query function outright.
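The three options above, sketched as an added example that is not the platform's code: the order-lookup handler as the article describes it next to a hardened version. The order records, function names and the weak-value heuristic are assumptions made for illustration.

```python
# Constructed sample data and hypothetical function names; not the platform's code.
NOW = 1_700_000_000          # fixed "current time" (epoch seconds) for the demo
LOOKUP_WINDOW = 10 * 60      # option 3: ten minutes, in seconds

ORDERS = [
    {"contact": "123456789", "card": "CARD-AAAA", "created": NOW - 120},
    {"contact": "123456789", "card": "CARD-BBBB", "created": NOW - 86_400},
    {"contact": "buyer@example.com", "card": "CARD-CCCC", "created": NOW - 300},
]

def lookup_vulnerable(contact):
    """Behaviour described above: the contact value alone returns every card."""
    return [o["card"] for o in ORDERS if o["contact"] == contact]

def is_weak_contact(value):
    """Option 2: flag short, repeated-character or sequential-digit values."""
    v = value.strip()
    if len(v) < 6 or len(set(v)) <= 2:
        return True
    if v.isascii() and v.isdigit():
        steps = {(int(b) - int(a)) % 10 for a, b in zip(v, v[1:])}
        return steps in ({1}, {9})   # 123456789 or 987654321 style runs
    return False

def lookup_hardened(contact, now, contact_lookup_enabled=True):
    """Apply the article's three options in order; return the visible cards."""
    if not contact_lookup_enabled:          # option 1: feature removed
        return []
    if is_weak_contact(contact):            # option 2: guessable value refused
        return []
    return [o["card"] for o in ORDERS       # option 3: recent orders only
            if o["contact"] == contact
            and 0 <= now - o["created"] <= LOOKUP_WINDOW]

if __name__ == "__main__":
    print("vulnerable:", lookup_vulnerable("123456789"))
    print("hardened  :", lookup_hardened("123456789", NOW))
    print("own order :", lookup_hardened("buyer@example.com", NOW))
    print("disabled  :", lookup_hardened("buyer@example.com", NOW, False))
```

Option 2 only filters out the most guessable values, and the same check belongs on the purchase form so that such values are never stored. A contact value that a third party already knows still matches within the 10-minute window, which is why option 1 is the simplest complete fix.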

The general technical article is over here. Let's talk about derivative play.

Coolie method

For example, the platform mentioned earlier in this article can obtain the account and password of Baidu Cloud Disk. You just have to keep it. After finding the new resource, try the password. If you can log in successfully, reset your password and keep your account.

Hu cutting method

For example, plug-in Q group, general plug-in software is recharged with card secret. As long as you sneak into the group and use the "Q number" of other people in the group as the contact information, there is a great probability that you can find the card secret and use it in the first time.

These methods are all petty tricks that bring only a negligible advantage.

Although we are greedy and cheap, we are ambitious, and we are too lazy to bother with such trivial things.

Find a project

From the perspective of probability, the number of people who enter "123456789" as their contact information is certainly very small; perhaps only 1% of people fill it in like this. Yet even at such a low probability, many people's purchase data can still be found, which indicates that there are many buyers. The merchants selling Baidu cloud accounts in the screenshot of this article take at least a few hundred orders every day and earn several hundred dollars every day.

Enter a weak password similar to 123456 in each card issuing platform. If you find more results, you can directly add the QQ number of the merchant, check the QQ space and Weibo of the other party, ask what the other party is selling as a customer, and find the Blue Ocean project.

Building platform

From the data found, we can roughly estimate the order volume of a card issuing platform. It is common for small and medium-sized platforms to handle thousands of orders every day, and the larger platforms handle more than 10,000 orders.

The platform charges a trading commission of about 3%, and the average customer unit price is about 5 yuan. This figure is just my estimate, because the products sold by merchants on each platform are different and the customer unit price is hard to pin down, but combined with the data of other platforms, it is generally not lower than 5 yuan. Generally, the daily cost of a medium-sized card issuing platform is about 1 10,000 bills, the customer unit price is 5 yuan, the rate is 2%~3%, and the daily profit is about 1 10,000 yuan.

This is just sunshine income, there must be a platform deduction! There must be a platform deduction! There must be a platform deduction!

Deduction is a trivial matter. At that time, my brother watched too many platforms for running away.

To say that this deduction has gone wrong, we have to start from the beginning.

Individuals can't apply for payment interface, so it is the best choice for ordinary people to use card issuing platform instead of payment interface.

Many black/gray businesses are paid through the card issuing platform, and one payment interface has not been officially audited, which can even account for half of the entire platform business.

Because the products of the card issuing platform are non-public and hidden, they are not afraid of exposure.

Even if the card issuing platform wants to conduct content audit, it is very difficult to obtain evidence. There is only one deck of cards, who knows what it is, and once the platform rejects the gray-black business, it is equivalent to rejecting half of the business and making the platform turn a blind eye.

Everyone is so dark, and the platform is also dark …

Then there is the technical problem. Individuals cannot apply for online payment interfaces such as Alipay/WeChat payment, only enterprises can. Payment platforms such as Alipay/WeChat will charge a transaction commission of about 1%, that is, even if you have a business license and apply for an instant payment interface, you will have to pay about 100 yuan to the payment platform for every 100 yuan.

The payment interface of some card issuing platforms does not cost money.

Baidu keywords: "visa-free payment interface";

The technical principle of visa exemption is actually not difficult. It is said that this technology was used when Alipay was still weak in the early days. The details are too boring; look up the specifics on Baidu. At present, the whole process is mature.

Many sellers on Taobao sell the source code of card issuing platforms, and a full set can be had for a few thousand yuan.

Looking for customers

Through the above method, you can get the contact information of the merchants stationed in other platforms. These are accurate big customers. If you pull dozens of such businesses, you will make a profit.

Persuading them is actually very simple. Every newly opened shopping mall, especially one in a bad location, usually starts out by waiving rent, which makes the popularity of the whole mall rise rapidly in a short time.

For a card issuing platform, the best way to poach merchants is to waive two months' commission. If the experience is not good, the merchant can leave at any time.

As long as your product is hard enough, you are not afraid of no customers.