Neve Pro Addon 激活分析

/ 1评 / 0

API REQUEST参数:

API RESPONSE参数:

验证关键代码(Line 366,存在安全隐患):

提示:既然SSL验证为假,即伪造激活服务器,自签证书,修改系统host就可以一劳永逸~

激活URL范例:

https://store.themeisle.com/?license=fd000000000000000000000000000000&item_name=Neve Pro Addon&url=https://www.google.com&edd_action=activate_license

回报(正确):

{
    "success": "true",
    "license": "valid",
    "item_name": "Neve Pro (Plugin)",
    "key": "fd000000000000000000000000000000",
    "download_id": 1,
    "price_id": 5,
    "plan": 5,
    "expires": "2037-01-01 23:59:59",
    "activations_left": 29
}
回报(密钥无效):
{
    "success": "true",
    "license": "invalid",
    "item_name": "Neve Pro (Plugin)"
}

取消激活URL范例:

https://store.themeisle.com/?license=fd000000000000000000000000000000&item_name=Neve Pro Addon&url=https://www.google.com&edd_action=deactivate_license

回报:

{
    "success": "true",
    "license": "deactivated",
    "item_name": "Neve Pro (Plugin)",
    "key": "fd000000000000000000000000000000",
    "download_id": 1,
    "expires": "2037-01-01 23:59:59",
    "activations_left": 30,
    "price_id": 5,
    "plan": 5
}

既然知道这个了,岂不是可以伪造授权服务器?
-----
搞定:

插件(原版,来源于网络.):

neve-pro-plugin


  1. Yuan Li说道:

    请教一下 “即伪造激活服务器,自签证书,修改系统host就可以一劳永逸~”这怎么操作啊! $response = wp_remote_get(这一行倒是找到了)求指导

发表回复

您的电子邮箱地址不会被公开。