
Possible oscommerce vulnerability?



Found this on a page while searching for osc information.


OScommerce cart site hack with paypal.



Something I found out, is if you find a site that uses oscommerce as the shopping cart for instant downloadable items.


Put an item in your cart, continue to check out, create a bogus account with bogus name and email. Or use a real email addy to an anonymous box. Anyways, continue to payment selection and select paypal or credit card and fill in bogus info there also. Now when you get to the confirm order page, just change a small bit of the url. At the end of the URL you will see "/checkout_confirmation.php". Change that to "/checkout_process.php", now hit enter and the order will be accepted without even sending in credit info or billing you and it will give you the download link!


Is this true? Or is it an oldie I've dragged up for no reason?
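
The server-side control that makes the URL change quoted above irrelevant, as an added example that is not part of the original post and is not osCommerce code: the download gate reads stored order state that only an authenticated payment notification can set, so the sequence of pages the browser requests does not matter. The `Order` class, the function names, the notification field names and the sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical order record (not osCommerce's schema).
final class Order
{
    public string $status = 'pending'; // becomes 'paid' only via markPaidFromGateway()

    public function __construct(
        public readonly int $id,
        public readonly int $customerId,
        public readonly string $amount,
        public readonly string $currency
    ) {}
}

// Assumed to be called only from the payment provider's server-to-server
// notification handler, after that message has been authenticated (not shown).
function markPaidFromGateway(Order $order, array $notice): bool
{
    $ok = ($notice['status'] ?? '') === 'completed'
        && (int) ($notice['order_id'] ?? 0) === $order->id
        && ($notice['amount'] ?? '') === $order->amount
        && ($notice['currency'] ?? '') === $order->currency;
    if ($ok) {
        $order->status = 'paid';
    }
    return $ok;
}

// Gate for the download link: decided from stored state and order ownership,
// never from which checkout page the browser requested last.
function canDownload(Order $order, int $sessionCustomerId): bool
{
    return $order->customerId === $sessionCustomerId && $order->status === 'paid';
}

// Constructed sample data.
$order = new Order(1001, 42, '19.99', 'USD');
$underpaid = ['status' => 'completed', 'order_id' => 1001, 'amount' => '0.01', 'currency' => 'USD'];
$matching  = ['status' => 'completed', 'order_id' => 1001, 'amount' => '19.99', 'currency' => 'USD'];

var_dump(canDownload($order, 42));                 // final step requested, nothing paid yet
var_dump(markPaidFromGateway($order, $underpaid)); // amount does not match the order
var_dump(canDownload($order, 42));
var_dump(markPaidFromGateway($order, $matching));  // verified notification for this order
var_dump(canDownload($order, 42));
var_dump(canDownload($order, 7));                  // paid, but a different customer's session
```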



This topic is now archived and is closed to further replies.
