Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

CCBill Gateway Module


sunshynevideo

Recommended Posts

  • 2 years later...

After watching a customer downloading stuff without any money hitting ccbill (he got greedy and started downloading more and more or I would not have noticed), I finally took the time to dissect the Logs to figure out exactly what he was doing.

 

I have figured out the exploit and can now repeat over and over. It has to do with "checkout_process.php" but exploit requires 1 successful purchase before you can use that info to steal the rest of the digital downloads. Luckily, it is just ONE guy and I am tracking him constantly now. He will soon tire of having to get a new IP (I lock him out via iptables) AND having to make a new account each time now.

 

I don't want to spell out the exploit or mention the site because I don't want to have to deal with 10 guys doing this :(  I haven't tested this with other payment modules because I only use ccbill.

 

I would like to contact and work with the Author of the Module OR some other expert to get this fixed eventually. You can contact me at httptunnel at gmail if you are the Author or equivalent. Let's fix this !!  Don't just contact me to ask exploit details for download fun.

 

Thanks

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...