An attacker can compromise users' data through an insecure backend and frontend combination.
- sm1 (price tampering)
  - https://github.com/thepwnexperts/m1-sm1-b1 [have secure but if use /cal endpoint]

sm2 and sm3 are related to response manipulation.

- sm2 (OTP validation)
  - https://github.com/thepwnexperts/m1-sm2-b1 [insecure validation on the client side]
- sm3 (secure fetching; this may be considered secure data exchange)
  - https://github.com/thepwnexperts/m1-sm3-b1 [security depends on the fetching method]

- sm1 (price tampering)
  - https://github.com/thepwnexperts/m1-sm1-u1 [insecure]
- sm2 (OTP validation)
  - https://github.com/thepwnexperts/m1-sm2-u2 [insecure]
- sm3 (secure fetching)