As Internet users grow more accustomed to online shopping, there are more and more e-commerce sites and online trading platforms.
These inevitably involve an online payment process, which contains a lot of logic.
Because money is involved, a poorly designed payment flow is likely to result in very serious vulnerabilities, such as purchasing merchandise for 0 yuan.
Based on the cases on WooYun, payment vulnerabilities can generally be divided into five classes; if you find other types, additions are welcome:
This is probably the most common type of payment vulnerability.
For convenience, developers often transmit the amount to be paid directly in the data packet of a key payment step.
The back end does not verify this amount, and the transmission is not signed, so the submitted amount can be tampered with at will.
One only needs to capture the packet and change the amount parameter to any value.
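The two missing controls named above (a back-end check of the amount and a signature on the transmitted fields), sketched as an added example that is not code from any of the cited cases. The catalogue, signing key, field names and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
from decimal import Decimal

# Constructed sample data: the catalogue, key and field names are hypothetical.
CATALOG = {"phone-g4": Decimal("899.00")}
SIGNING_KEY = b"example-key-not-for-production"


def vulnerable_amount(form):
    """The flawed pattern: charge whatever amount the client submitted."""
    return Decimal(form["amount"])


def server_amount(form):
    """Recompute the amount from server-side prices; form['amount'] is ignored."""
    qty = int(form["qty"])
    if qty < 1:
        raise ValueError("quantity must be a positive integer")
    return CATALOG[form["sku"]] * qty


def sign_order(order_id, amount):
    """HMAC over the fields handed to the payment step, so edits are detectable."""
    msg = f"{order_id}|{amount:.2f}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def verify_payment(order_id, amount_str, signature, expected_amount):
    """Accept only if the signature is valid and the amount matches the stored order."""
    try:
        amount = Decimal(amount_str)
    except ArithmeticError:  # malformed amount string
        return False
    good_sig = hmac.compare_digest(sign_order(order_id, amount), signature)
    return good_sig and amount == expected_amount
```

The signature only detects changes in transit; the comparison against the amount stored with the order is what stops a client from choosing its own price.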
Let's take a look at several cases on WooYun:
Jiayu phone official mall payment vulnerability (the highlight is that the goods really arrived......)