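API REQUEST parameters:
- license => license key (serial number)
- item_name => product name
- url => site URL
- edd_action => action
API RESPONSE parameters:
- success => success status
- license => validity / deactivation
- item_name => product name; only this form can be returned.
- key => returned key, which is also the input key.
- download_id => download ID, used for renewal, to generate renew_url.
- price_id => (unknown) price ID; this is what actually distinguishes the license tier, options 1-9; testing showed that any number works.
- plan => (unknown) plan ID; the program uses it, but it is actually an optional parameter with no real use.
- expires => expiry time; the source (Licenser.php) shows that the license already counts as expired one day before this date.
- activations_left => number of activations remaining; the program checks whether no activations are left.
Key verification code (Line 366, has a security risk):
Hint: since SSL verification is false, forging the activation server with a self-signed certificate and modifying the system hosts file settles it once and for all~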
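The weakness noted above is certificate verification being switched off on the licensing request. As an added example (not code from the plugin or from this page), the following Python audit flags that setting in WordPress PHP sources; the sample PHP and all function names in it are constructed.

```python
import re

# Constructed PHP sample for the demo; it is not the plugin's source.
SAMPLE_PHP = '''<?php
function check_license_weak( $api_url ) {
    $response = wp_remote_get( $api_url, array(
        'timeout'   => 15,
        'sslverify' => false,
    ) );
    return $response;
}
function check_license_ok( $api_url ) {
    return wp_remote_get( $api_url, array( 'timeout' => 15, 'sslverify' => true ) );
}
add_filter( 'https_ssl_verify', '__return_false' );
'''

# 'sslverify' => false / 0 / '0' in a request-args array (array() or [] syntax).
ARG_OFF = re.compile(
    r"""['"]sslverify['"]\s*=>\s*(?:(?:false|0)(?![\w.])|['"]0['"])""", re.I)
# Site-wide override through the https_ssl_verify / https_local_ssl_verify filters.
FILTER_OFF = re.compile(
    r"""add_filter\(\s*['"]https(?:_local)?_ssl_verify['"]\s*,\s*['"]__return_(?:false|zero)['"]""",
    re.I)
# Lines that are only a comment are skipped to cut false positives.
COMMENT = re.compile(r"^\s*(?://|#|\*|/\*)")

def find_disabled_tls(php_source):
    """Return (line_number, kind, text) for each place TLS verification is turned off."""
    findings = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        if COMMENT.match(line):
            continue
        if ARG_OFF.search(line):
            findings.append((number, "sslverify-arg", line.strip()))
        elif FILTER_OFF.search(line):
            findings.append((number, "ssl-verify-filter", line.strip()))
    return findings

if __name__ == "__main__":
    import pathlib
    import sys
    # Usage: python audit.py wp-content/plugins  (scans every .php file below each path)
    for root in sys.argv[1:]:
        for path in pathlib.Path(root).rglob("*.php"):
            for n, kind, text in find_disabled_tls(path.read_text(errors="replace")):
                print(f"{path}:{n}: {kind}: {text}")
```

Each finding is a request whose reply should not be trusted for a licensing or update decision until `sslverify` is left at its default of true.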
Activation URL example:
https://store.themeisle.com/?license=fd000000000000000000000000000000&item_name=Neve Pro Addon&url=https://www.google.com&edd_action=activate_license
Response (correct):
{ "success": "true", "license": "valid", "item_name": "Neve Pro (Plugin)", "key": "fd000000000000000000000000000000", "download_id": 1, "price_id": 5, "plan": 5, "expires": "2037-01-01 23:59:59", "activations_left": 29 }
Response (invalid key):
{ "success": "true", "license": "invalid", "item_name": "Neve Pro (Plugin)" }
Deactivation URL example:
https://store.themeisle.com/?license=fd000000000000000000000000000000&item_name=Neve Pro Addon&url=https://www.google.com&edd_action=deactivate_license
Response:
{ "success": "true", "license": "deactivated", "item_name": "Neve Pro (Plugin)", "key": "fd000000000000000000000000000000", "download_id": 1, "expires": "2037-01-01 23:59:59", "activations_left": 30, "price_id": 5, "plan": 5 }
Knowing this, couldn't the licensing server simply be forged?
-----
Done:
Plugin (original version, from the internet):
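A question: how do you actually do "forging the activation server with a self-signed certificate and modifying the system hosts file settles it once and for all~"? I did find the line $response = wp_remote_get( ; please advise.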