Ecommerce Security Checklist: User, Membership 2023

By XiaoXin

Login

- Brute-force login
- Login succeeds with an arbitrary username/password
- SMS/email bombing
- Captcha bypass / brute force / replay / captcha value returned in the response
- Username/mobile number enumeration
- Unauthorized login (e.g. changing the user ID in the request)
- Account privilege bypass (horizontal/vertical privilege escalation)
- Cookie forgery
- Login with an empty password

Registration

- Front-end-only authentication bypass
- Random/batch user registration
- Abusive verification of already registered accounts
- Duplicate account registration
- Username/bound mobile number enumeration
- Stored XSS via registration fields
- SMS/email bombing
- Captcha bypass / brute force / replay / captcha value returned in the response
- Bypass of other authentication mechanisms

Password Recovery

- Random/batch user password reset
- Verification accepted for any email/mobile number (the verification code is not checked against the account it was issued for)
- Enumeration of mobile numbers bound to users
- New password hijacking
- SMS verification code hijacking / bypass / returned in the response / brute force / replay
- Recovery e-mail hijacking/tampering
- Bypass of other authentication mechanisms
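The password-recovery failure listed above (a code that is checked against the phone it was sent to but never bound to the account being reset, and that can be replayed or brute-forced) as an added Python example; this is not code from the original post, and the account table, phone numbers and in-memory code store are constructed placeholders.

```python
import hmac
import secrets
import time

# Constructed placeholders standing in for the account database and the
# cache of issued recovery codes (phone -> code record).
ACCOUNTS = {"alice": {"phone": "+10000000001"}, "bob": {"phone": "+10000000002"}}
ISSUED = {}

CODE_TTL = 300      # seconds a recovery code stays valid
MAX_ATTEMPTS = 5    # verification attempts before the code is burned


def issue_code(account, now=None):
    """Issue a one-time code bound to the account that requested recovery."""
    now = time.time() if now is None else now
    phone = ACCOUNTS[account]["phone"]
    code = f"{secrets.randbelow(10**6):06d}"
    ISSUED[phone] = {"code": code, "account": account,
                     "expires": now + CODE_TTL, "attempts": 0}
    return code  # sent by SMS in practice; never echoed in the HTTP response


def verify_vulnerable(phone, code, account):
    """Checklist failure: the code is matched against the phone it was sent
    to, but the phone is never tied to the account being reset, so a code
    sent to the attacker's own phone resets any account."""
    entry = ISSUED.get(phone)
    return entry is not None and entry["code"] == code


def verify_hardened(phone, code, account, now=None):
    """Code must belong to this account, be unexpired, unreplayed and
    within the attempt budget; comparison is constant-time."""
    now = time.time() if now is None else now
    entry = ISSUED.get(phone)
    if entry is None or now > entry["expires"]:
        return False
    if entry["attempts"] >= MAX_ATTEMPTS:
        return False
    entry["attempts"] += 1
    if entry["account"] != account:          # binding check the list calls for
        return False
    if not hmac.compare_digest(entry["code"], code):
        return False
    del ISSUED[phone]                         # single use: a replay fails
    return True
```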

Personal Information Modification

- Mobile number/username/email enumeration
- Stored XSS via profile fields
- Email/username/mobile number tampering
- User information traversal/disclosure
- Unauthorized modification of other users' account information

Account Center

- Account verification bypass
- Account balance tampering
- Bypass of bound mobile number verification
- Bypass of third-party account binding
- Unauthorized user access
- Profile information traversal/disclosure
- Arbitrary file upload via profile/avatar editing
- Where .xlsx/.docx uploads are accepted, test for blind XXE with crafted documents
- Stored XSS via profile editing pages

Data Transmission

- POST/Cookie injection
- Cookie hijacking
- Modification requests without session/token binding, leading to CSRF
- Account credentials transmitted in clear text
