Context
This paper considers the following vulnerabilities that can be used to hijack a cryptocurrency payment made with a QR code:
- fake QR generators,
- stickers for cryptomats,
- phishing using QR codes,
- creating malicious QR codes to hack phones.
The possibility of creating the following malicious QR codes with the QRGen tool was considered:
- SQLIA (SQL injection attack),
- XSS (cross site scripting),
- Command Injection,
- Format String,
- XXE (XML external entities),
- String fuzzing,
- SSI (Server-Side Includes) Injection,
- LFI (Local File Inclusion),
- directory traversal (path traversal).