Introduction
When the Administrator login in,Attackers can construct malicious POCS to fool administrator into accessing it then the APPID of Alipay, the private key of the merchant application, and the public key of Alipay can be change .Finally, a attacker can be get the profit of this website!
Introduction
When the Administrator login in,Attackers can construct malicious POCS to fool administrator into accessing it then the APPID of Alipay, the private key of the merchant application, and the public key of Alipay can be change .Finally, a attacker can be get the profit of this website!
Vulnerable code
CSRF PoC
Proof

Suggestion
Use the CSRFToken to protect it!
The text was updated successfully, but these errors were encountered: