Ecommerce Security Checklist: User, Membership 2023

By XiaoXin

We aims to improve your understanding of programming through simplified explanations and examples. The included code snippets can also save you time during development. All of this is designed to make your programming experience easier and more efficient.

Topics

Serials

CSS @At-Rules Explanation

Hacker Explanation

Improve Performance In PHP

Top Latest PHP Interview Questions And Answers For Experienced

Tutorial write Bash Scripts with ZX Library

E-Commerce System Security Checklist

Random

Explain find command in Linux

PHP maintain the file log

What Is Meant By Event-driven Architecture In Node.js?

What are the characteristics of json format data?

What Are Some Common Pitfalls To Avoid When Working With Node.js?

The Commands To Set Git Credentials

Detect a list of numbers that are increasing or decreasing by Python

What Can ActorDB do?

5 Drawbacks Of SQLite

How do I use SSH in a Jenkins pipeline

About Privacy Disclaimer Contact

A Bit Randomly

Redis is an in-memory data structure store that can be used as a database, cache, and message broker. It is often used with PHP to improve the performance of applications by storing frequently-used data in memory. To use R... Read How To Use Redis In PHP

Main Contents

Ecommerce Security Checklist: User, Membership

Login

- brute force
- Any user/password login
- SMS/email bombing
- Captcha bypass/blasting/replay/postback
- Username/Mobile Number Enumeration
- Unauthorized login (such as modifying the user ID in the data packet)
- Account permission bypass (overreach)
- Cookie forgery
- User empty password login

Registration

- Front-end authentication bypass
- User random/batch registration
- Malicious verification of registered accounts
- Account duplicate registration
- Username/Bound Mobile Number Enumeration
- Registration information inserted into XSS
- SMS/email bombing
- Captcha bypass/blasting/replay/postback
- Other Authentication Mechanisms Bypassed

Password Recovery

- Random/Batch User Password Reset
- Any email/mobile phone number verification (the verification code and the bound user are not verified uniformly)
- User-binding phone number enumeration
- new password hijacking
- SMS verification code hijacking/bypassing/returning/blasting/replaying
- User mailbox hijacking/tampering
- Other Authentication Mechanisms Bypassed

Profile

- Mobile phone number/user/email enumeration
- Modify personal data to insert XSS
- E-mail/user/mobile phone number tampering
- User information traversal/disclosure
- Modifying other people's account information without authority

Account

- Account Verification Bypass
- Account amount tampering
- Account binding mobile phone number bypass
- Account third-party account binding bypass
- User unauthorized access
- Profile Information Traversal/Disclosure
- Modify personal information, avatar, upload any file
- If you encounter Xlsx/Docx, there may be XXE, upload malicious documents blind test
- Modify the personal information page to insert XSS.

Transfer Process

- POST/Cookie Injection
- cookie hijacking
- There is no session/token in the modification information, which leads to CSRF
- Clear text transmission account password

Please Share This Article Thank You!

Parts of E-Commerce System Security Checklist

Ecommerce Security Checklist: Order, Payment, Comment

Purchase Payment/Recharge - Order information traversal/disclosure- Leakage of order information leads to leakage of user information- Unauthorized modification/deletion of other people's orders- Commodity amount/quantity ...

7 types of common sentences in python interview questions

Comparison and exchangeSortingConversionFourth, traversal (loop)FindRecursionStatement simplification Comparison and exchange 1. Compare and output the larger one print(a if a>b else b) 2. Swap two elements a,b = b,a li...