The cookie's validation value is too simple. Some web pages generate cookies in too simple or uniform a way, which lets hackers enumerate valid cookie values. Or you can log in to other use... Read Logical Exploits Of Flaws In a Cookie/Token Design
- Order information traversal/disclosure
- Leakage of order information leads to leakage of user information
- Unauthorized modification/deletion of other people's orders
- Commodity amount/quantity tampering
- Replace the payment module
- Leakage of transaction information
- False recharge amount
- Recharge account/amount/quantity tampering
- Payment Verification Bypass
- Integer overflow, the maximum value of int is 2147483647
- Modify the key value in the data packet returned by the local JS or the server
- POST injection
- No session/token leads to CSRF
- Insert XSS when commenting
- Traversing the user ID leads to user information leakage
- Malicious bulk inflation of the comment count
Sweepstakes/Promotion Voucher/Coupon

Sweepstakes/Promotion
- Random draw
- Stolen prizes/points
- Tampering with lottery points/times
- Concurrent lottery
- Invitation code XSS (Verification code URL may contain user name, the ...
Login
- Brute force
- Any user/password login
- SMS/email bombing
- Captcha bypass/blasting/replay/postback
- Username/Mobile Number Enumeration
- Unauthorized login (such as modifying the user ID in the data packet)
- Account p...