source: https://www.securityfocus.com/bid/25116/info
phpCoupon is prone to a remote payment-bypass vulnerability because the application fails to properly secure PayPal payment transactions.
Successfully exploiting this issue allows remote attackers to perform payment transactions in the application without actually paying money. This allows them to obtain services for free.
The following URI demonstrates this issue:
http://www.example.com/path/user.php?REQ=auth&billing=141&status=success&custom=upgrade5
The '141' and the 'upgrade5' values may vary from installation to installation.
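
The mitigation for this class of flaw, as an added example that is not phpCoupon's code: a handler that treats the return URL as proof of payment (an assumed model of the flaw) beside one that grants the upgrade only against a server-side record confirmed by the payment processor. The ledger schema and all function names are hypothetical, and the ledger contents are constructed sample data.

```python
from urllib.parse import urlsplit, parse_qs

# The demonstration URI from the advisory text above.
DEMO_URI = ("http://www.example.com/path/user.php"
            "?REQ=auth&billing=141&status=success&custom=upgrade5")

def new_ledger():
    """Constructed sample data: billing id -> server-side payment record.

    'paid' is set only by the server-to-server confirmation from the payment
    processor, never from the buyer's browser. Hypothetical schema.
    """
    return {
        "140": {"item": "upgrade5", "paid": True, "fulfilled": False},
        "141": {"item": "upgrade5", "paid": False, "fulfilled": False},
    }

def query_params(uri):
    """Return the first value of each query-string parameter."""
    return {k: v[0] for k, v in parse_qs(urlsplit(uri).query).items()}

def grant_trusting_client(uri):
    """Assumed model of the flaw: the return URL itself is proof of payment."""
    p = query_params(uri)
    return p.get("REQ") == "auth" and p.get("status") == "success"

def grant_verified(uri, ledger):
    """Ignore 'status'; require a confirmed, unfulfilled record that matches."""
    p = query_params(uri)
    record = ledger.get(p.get("billing", ""))
    if record is None or not record["paid"]:
        return False            # no processor-confirmed payment for this id
    if record["item"] != p.get("custom"):
        return False            # paid for a different item than requested
    if record["fulfilled"]:
        return False            # replay of an already-used confirmation
    record["fulfilled"] = True  # one grant per confirmed payment
    return True

if __name__ == "__main__":
    ledger = new_ledger()
    paid_uri = DEMO_URI.replace("billing=141", "billing=140")
    print("trusting handler, unpaid id:", grant_trusting_client(DEMO_URI))
    print("verified handler, unpaid id:", grant_verified(DEMO_URI, ledger))
    print("verified handler, paid id:  ", grant_verified(paid_uri, ledger))
    print("verified handler, replay:   ", grant_verified(paid_uri, ledger))
```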