How I Uncovered a Payment Vulnerability

7 months ago 43

Xiaodong

Hello everyone,

You can call me Xiaodong. I am a bounty hunter from China, and I’m excited to share with you the experience of uncovering vulnerabilities here, which may inspire you.

If there’s anything in the article that you don’t understand, feel free to leave a comment for discussion.

Here, I’ll share a payment vulnerability I discovered. It was simple, but interesting.

Let’s get started!

When I was browsing the target website, I noticed that registration and login were possible.

After logging in and exploring the features, I found a recharge (deposit) function.

Was there an issue with it?

With this question in mind, I decided to try recharging.

Indeed, there was a problem with the recharge process.

For example, when I recharged 0.012 yuan, I only needed to pay 0.01 yuan during the WeChat payment process, but the platform still showed that the account was credited with 0.012 yuan.

I immediately reported this vulnerability to the platform and eventually received 2500 yuan as a reward.
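A server-side check that would refuse the 0.012 yuan recharge described above, shown as an added example that is not part of the original article or the platform's code. It assumes the platform charged the amount truncated to whole fen while crediting the raw value; all function names are hypothetical.

```python
from decimal import Decimal, InvalidOperation, ROUND_DOWN

FEN_PER_YUAN = 100  # WeChat Pay charges integer amounts in fen (1 yuan = 100 fen)


class AmountError(ValueError):
    """Raised when a recharge amount cannot be charged exactly."""


def flawed_recharge(raw):
    """Assumed model of the bug: charge the truncated amount, credit the raw one."""
    requested = Decimal(raw)
    charged = (requested * FEN_PER_YUAN).to_integral_value(rounding=ROUND_DOWN) / FEN_PER_YUAN
    return charged, requested  # (yuan actually paid, yuan credited)


def parse_recharge_fen(raw):
    """Convert a user-supplied yuan string to whole fen, rejecting lossy values."""
    try:
        amount = Decimal(raw)
    except InvalidOperation:
        raise AmountError(f"not a number: {raw!r}")
    if not amount.is_finite() or amount <= 0:
        raise AmountError(f"amount must be positive: {raw!r}")
    fen = amount * FEN_PER_YUAN
    if fen != fen.to_integral_value():
        # 0.012 yuan is 1.2 fen; the gateway can only charge 1 fen, so refuse
        raise AmountError(f"more than two decimal places: {raw!r}")
    return int(fen)


def credit_on_callback(order_fen, paid_fen):
    """Credit only what the gateway confirms was paid, and only if it matches the order."""
    if paid_fen != order_fen:
        raise AmountError(f"paid {paid_fen} fen, order was {order_fen} fen")
    return paid_fen


if __name__ == "__main__":
    # Constructed sample inputs; "0.012" is the amount from the article
    print("flawed:", flawed_recharge("0.012"))
    for sample in ("0.01", "12.50", "0.012", "-5", "NaN"):
        try:
            print(sample, "->", parse_recharge_fen(sample), "fen")
        except AmountError as exc:
            print(sample, "-> rejected:", exc)
```

Storing balances and order totals as integer fen end to end means the credited value and the charged value are the same number rather than two separate conversions of the user's input.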

Thank you for watching.
