Ecommerce Security Checklist: Order, Payment, Comment 2023

By XiaoXin
A Bit Randomly

The validation value of the cookie is too simple. Some web pages are too single or simple to generate cookies, which leads to hackers being able to enumerate the validity values ​​of cookies. Or you can log in to other use... Read Logical Exploits Of Flaws In a Cookie/Token Design

Main Contents

Ecommerce Security Checklist: Order, Payment, Comment

Purchase Payment/Recharge

- Order information traversal/disclosure
- Leakage of order information leads to leakage of user information
- Unauthorized modification/deletion of other people's orders
- Commodity amount/quantity tampering
- Replace the payment module
- Leakage of transaction information
- False recharge amount
- Recharge account/amount/quantity tampering
- Payment Verification Bypass
- Integer overflow, the maximum value of int is 2147483647
- Modify the key value in the data packet returned by the local JS or the server


- POST injection
- No session/token leads to CSRF
- Insert XSS when commenting
- Traversing the user ID leads to user information leakage
- The number of malicious batch-brushing comments.

Please Share This Article Thank You!

Parts of E-Commerce System Security Checklist
Ecommerce Security Checklist: Sweepstakes, Coupon

Sweepstakes/PromotionVoucher/Coupon Sweepstakes/Promotion - random draw- Stolen prizes/points- Tampering with lottery points/times- concurrent lottery- Invitation code XSS (Verification code URL may contain user name, the ...

Ecommerce Security Checklist: User, Membership

Login - brute force- Any user/password login- SMS/email bombing- Captcha bypass/blasting/replay/postback- Username/Mobile Number Enumeration- Unauthorized login (such as modifying the user ID in the data packet)- Account p...