Ecommerce Security Checklist: Sweepstakes, Coupon 2023

By XiaoXin

Main Contents
  1. Sweepstakes/Promotion
  2. Voucher/Coupon

Sweepstakes/Promotion

- Random draw
- Stolen prizes/points
- Tampering with lottery points/number of attempts
- Concurrent lottery requests
- Invitation code XSS (the verification code URL may contain the user name, and the user name can be changed to XSS code)

Voucher/Coupon

- Claiming vouchers/coupons in batches
- Change voucher amount/quantity
- Change coupon quantity
- Concurrency logic flaws (Burp obtains coupons in batches, etc.)
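
The concurrency items in both lists (concurrent lottery, coupons obtained in batches through parallel requests) usually trace back to a handler that checks a limit and then writes in a separate step. The following is an added example, not code from the original article: a check-then-act coupon handler beside a form where the database enforces the limits. The schema, the one-coupon-per-user rule and the names `make_db`, `claim_weak`, `claim_safe` and `run_parallel` are assumptions made for the illustration.

```python
import os, sqlite3, tempfile, threading
from concurrent.futures import ThreadPoolExecutor
from contextlib import closing

def make_db(stock):
    """Constructed sample data (hypothetical schema): one coupon, id 1, with the given stock."""
    path = os.path.join(tempfile.mkdtemp(), "shop.db")
    with closing(sqlite3.connect(path)) as con:
        con.executescript(
            "CREATE TABLE coupons(id INTEGER PRIMARY KEY, stock INTEGER);"
            "CREATE TABLE claims_weak(user TEXT, coupon INTEGER);"
            "CREATE TABLE claims(user TEXT, coupon INTEGER, UNIQUE(user, coupon));"
            f"INSERT INTO coupons VALUES (1, {int(stock)});")
    return path

def claim_weak(con, user, gate):
    """Check-then-act: the limit check and the write are separate steps."""
    seen = con.execute("SELECT 1 FROM claims_weak WHERE user=? AND coupon=1", (user,)).fetchall()
    stock = con.execute("SELECT stock FROM coupons WHERE id=1").fetchall()[0][0]
    gate.wait()  # all parallel requests finish their check before any of them writes
    if seen or stock <= 0:
        return False
    with con:
        con.execute("INSERT INTO claims_weak VALUES (?, 1)", (user,))
        con.execute("UPDATE coupons SET stock = stock - 1 WHERE id=1")
    return True

def claim_safe(con, user, gate):
    """The database enforces both limits inside a single write transaction."""
    gate.wait()  # same simultaneous start as the weak handler
    try:
        with con:  # commit on success, roll back on any exception
            con.execute("INSERT INTO claims VALUES (?, 1)", (user,))  # UNIQUE: one per user
            hit = con.execute("UPDATE coupons SET stock = stock - 1 WHERE id=1 AND stock > 0")
            if hit.rowcount == 0:
                raise sqlite3.IntegrityError("coupon exhausted")
    except sqlite3.IntegrityError:
        return False
    return True

def run_parallel(claim, users, stock=100):
    """One simultaneous request per entry in users; returns (granted, stock_left)."""
    path, gate = make_db(stock), threading.Barrier(len(users))
    def worker(user):
        with closing(sqlite3.connect(path, timeout=30)) as con:  # one connection per request
            return claim(con, user, gate)
    with ThreadPoolExecutor(len(users)) as pool:
        granted = sum(pool.map(worker, users))
    with closing(sqlite3.connect(path)) as con:
        return granted, con.execute("SELECT stock FROM coupons").fetchone()[0]
```

With eight simultaneous requests from one user, `run_parallel(claim_weak, ["alice"] * 8)` grants all eight, while `claim_safe` grants exactly one and never lets the stock go below zero.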
