phpCoupon Remote Payment Bypass Vulnerability
BID:25116
Info
| Bugtraq ID: | 25116 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 28 2007 12:00AM |
| Updated: | Jul 30 2007 09:55PM |
| Credit: | An unknown member of freeprotect.net discovered this issue. |
| Vulnerable: | phpCoupon phpCoupon 0 |
| Not Vulnerable: | |
Discussion
phpCoupon is prone to a remote payment-bypass vulnerability because the application fails to properly secure PayPal payment transactions.
Successfully exploiting this issue allows remote attackers to perform payment transactions in the application without actually paying money. This allows them to obtain services for free.
Exploit / POC
Attackers use a browser to exploit this issue.
The following URI demonstrates this issue:
http://www.example.com/path/user.php?REQ=auth&billing=141&status=success&custom=upgrade5
The '141' and the 'upgrade5' values may vary from installation to installation.
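Added example (not part of the original advisory and not phpCoupon code): with no vendor patch listed, an operator can audit web-server access logs for requests shaped like the URI above and compare each `billing` value against payments independently confirmed in the merchant's PayPal records. The combined log format, the sample lines and the `VERIFIED_BILLING_IDS` set are constructed assumptions, as is the idea that `billing` values can be reconciled against those records.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client IP and request target from a combined-format access log entry.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def find_unverified_upgrades(log_lines, verified_billing_ids):
    """Return (ip, billing, custom) for each success-return request whose
    billing id is absent from the set of independently confirmed payments."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/user.php"):
            continue
        q = parse_qs(url.query)  # also percent-decodes the values
        if q.get("REQ", [""])[0] != "auth":
            continue
        if q.get("status", [""])[0].lower() != "success":
            continue
        billing = q.get("billing", [""])[0]
        if billing not in verified_billing_ids:
            findings.append((m.group("ip"), billing, q.get("custom", [""])[0]))
    return findings

# Constructed sample data (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Jul/2007:10:02:11 +0000] "GET /path/user.php?REQ=auth'
    '&billing=141&status=success&custom=upgrade5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [29/Jul/2007:10:05:40 +0000] "GET /path/user.php?REQ=auth'
    '&billing=152&status=success&custom=upgrade5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [29/Jul/2007:10:06:02 +0000] "GET /path/user.php?REQ=login'
    ' HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]
# Assumption: billing ids reconciled by hand against the PayPal account history.
VERIFIED_BILLING_IDS = {"152"}

if __name__ == "__main__":
    for ip, billing, custom in find_unverified_upgrades(SAMPLE_LOG, VERIFIED_BILLING_IDS):
        print(f"unverified payment return: ip={ip} billing={billing} custom={custom}")
```

Each finding is an account upgrade to review and, where no matching payment exists, to reverse.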
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
References:
- phpCoupon Home Page (phpCoupon)
- phpCoupon Vulnerabilities ([email protected])