MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs
This website accompanies the paper "MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs".
Notes:
Please choose the highest available video resolution when watching the demos below; they are much clearer that way.
For anonymity and ethical vulnerability disclosure, we have blurred any scenes that might reveal identifying or personal information about the mini-programs in question.
All accounts and products used in the attack scenarios are our own, and no other real-world cases are involved.
Attackers can use MiniCPRF to perform dangerous, sensitive operations.
In the case below, the attacker bypassed the mini-program's permission and authorization checks and was able to unlock any lock.
For Cases #2 and #3, our attack ends once WeChat Payment has been successfully invoked, which guarantees that the vendors and merchants of the mini-programs are not negatively affected.
WeChat mini-programs often use WeChat Payment, and MiniCPRF poses a significant security and financial threat to them by enabling attackers to conduct sensitive payment transactions.
In this case, we used MiniCPRF to modify the price of an item and were able to pay at the modified price.
Attackers can also leak sensitive information through MiniCPRF, and this leakage introduces further risks.
In this example, the attacker used MiniCPRF to leak the information needed for another attack against the mini-program's server side, and in this way also modified the product price.