微信公众号支付漏洞成因探究

Exploring the Cause of Pay Vulnerabilities of WeChat Official Account

微信公众号系统在实现微信支付功能时,如果支付流程设计或系统实现不合理,会造成篡改攻击漏洞或短路攻击漏洞,可以被恶意用户用于发起中间人攻击。论文模拟了利用两种漏洞进行中间人攻击的过程,分析了两种漏洞的形成原理,并提出了防范漏洞的解决方案。

Neither unreasonable payment process design nor failed system implementwouldlead to the Tampering Vulnerability or the Short-circuit Vulnerability, which could be used to launch the man-in-the-middle attacks by the malicious user. This paper simulates how to use 2 different vulnerabilities to launch MITM attack, describes the principle of each vulnerabilities and puts forward solution to fix them.