itransact.txt

itransact.txt: Posted Dec 17, 2001; Authored by Jesse S. Williams; A security flaw in the itransact.com credit card payment system allows users to change the price of merchandise ordered.; tags | exploit; SHA-256 | d2ef91a633470fc9cfb5fcddc6efc11dc6bb686462ccd29b78c18ee6d0ea5e3c; Download | Favorite | View

itransact.txt

From: "Jesse S. Williams" <jesse.williams@xepherys.net>
Subject: A security flaw (itransact.com)
Date: Fri, 14 Dec 2001 22:39:02 -0500

<-- Snip --

I believe I have found a security hole in [the itransact.com] payment accepting scripts.
Currently, the scripts do not require the POST of forms to come from within
your own site (or affiliate sites).  If one were to follow a merchants site
to your purchase page, then view the source, copy the forms into a new
document and change the price, they could then use this new form, from any
website, to purchase said products for any price they choose.  You may want
to look into this issue.

Sincerely,

Jesse S. Williams

Top Authors In Last 30 Days

Red Hat 278 files
Ubuntu 57 files
Gentoo 32 files
Debian 28 files
Apple 9 files
malvuln 6 files
Ahmet Umit Bayram 5 files
nu11secur1ty 5 files
Adam Gowdiak 4 files
liquidsky 3 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,630)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,779)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,501)
UNIX (9,401)
UnixWare (187)
Windows (6,659)
Other

itransact.txt

itransact.txt

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

itransact.txt

Share This

itransact.txt

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems