WeChat Pay official urgently pushes tips on repairing XXE vulnerabilities, attached

2018-08-02 17:54 Category: Technical school
Yesterday, news of a "0 yuan purchase" against WeChat Pay spread widely among developers. The so-called 0 yuan purchase is not a lottery or promotion for users; it refers to a malicious attacker exploiting a vulnerability to complete a payment of 0 yuan.

The normal basic payment process is as follows: the user initiates payment -> WeChat Pay is called up -> payment succeeds -> the WeChat Pay server sends a success notification to the application server (such as a mall) -> the application server parses the notification sent by WeChat Pay -> the application server compares and confirms the parsed information as necessary and updates the order to paid status.

However, this vulnerability abuses the parsing step, and it can lead to problems such as reading arbitrary files, probing the internal network, and command execution.
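The parsing and comparison steps described above can be hardened by refusing any notification that carries a DOCTYPE or entity declaration before a single field is read. The following is an added example, not code from WeChat Pay or from the original article; the field names `return_code`, `out_trade_no` and `total_fee`, the helper names and the sample bodies are assumptions made for illustration, and signature verification is left out.

```python
import xml.parsers.expat

class ForbiddenXML(ValueError):
    """Notification carried a DTD or entity declaration."""

def parse_notify(body: bytes) -> dict:
    """Parse a flat <xml><key>value</key>...</xml> body, refusing any DTD."""
    fields, stack, text = {}, [], []

    def forbid(*_args):
        raise ForbiddenXML("DOCTYPE/entity declarations are not allowed")

    def start(name, _attrs):
        stack.append(name)
        text.clear()

    def end(name):
        if len(stack) == 2:  # direct child of the root element
            fields[name] = "".join(text).strip()
        stack.pop()
        text.clear()

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = forbid   # fires before any entity is defined
    parser.EntityDeclHandler = forbid         # second line of defence
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text.append  # CDATA content arrives here too
    parser.Parse(body, True)
    return fields

def matches_order(fields, order_id, amount_fen):
    """Comparison step: the notification must agree with the stored order."""
    return (fields.get("return_code") == "SUCCESS"
            and fields.get("out_trade_no") == order_id
            and fields.get("total_fee") == str(amount_fen))

# Constructed sample bodies (not captured traffic).
GOOD = (b"<xml><return_code><![CDATA[SUCCESS]]></return_code>"
        b"<out_trade_no><![CDATA[ORDER-1001]]></out_trade_no>"
        b"<total_fee>100</total_fee></xml>")
WITH_DTD = (b'<?xml version="1.0"?><!DOCTYPE xml [<!ENTITY e "x">]>'
            b"<xml><return_code>&e;</return_code></xml>")

if __name__ == "__main__":
    print(parse_notify(GOOD))
    try:
        parse_notify(WITH_DTD)
    except ForbiddenXML as exc:
        print("rejected:", exc)
```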
