This repository has been archived by the owner on Mar 30, 2020. It is now read-only.
磐石投票好像没办法绕过 #10
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
昨天晚上搞到现在。
磐石投票,微信用户一人一票,弹出授权登陆界面,感觉流程是这样的:
(三个端,手机端标记为A,第三方网站标记为B,微信服务器标记为C)
(1) A访问投票网址url_1,B判断是否是微信浏览器(修改User-Agent简单绕过),不是微信浏览器则提示用微信浏览器登陆,否则进入(2)。
(2) B让A访问微信服务器C用于授权(如https://open.weixin.qq.com/connect/oauth2/authorize?appid=xxx&redirect_uri=httpxxx),此时C将用户的code通过Get参数传递给B的回调地址redirect_uri。B通过获取的code进一步处理。
(3) 我尝试了下绕过微信服务器,直接随机生成参数code调用redirect_uri,发现B获取code后,会进一步向C去验证。随机生成的code当然就出错了= = ,返回微信错误码40029:invalid code
所以就炸了。
The text was updated successfully, but these errors were encountered: