
security problem with paypal form

tolkienarda
hi all

most of you have seen this form, mostly it has hidden attributes some of which can be changed to select boxes. the part that seems to be a security flaw is that people can edit live html with the web developer toolbar on firefox. i've gone into one of my clients' order forms and bought an expensive item for only five dollars and paypal never caught on.

below is the code that now anyone with any knowledge of html can edit live and submit the page with a new cost value
  <form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
  <input type="image" src="images/x-click-but21.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
  <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
  <!-- every hidden field below is sent from the browser, so every one of them can be edited before submit -->
  <input type="hidden" name="add" value="1">
  <input type="hidden" name="cmd" value="_cart">
  <input type="hidden" name="business" value="email@company.com">
  <input type="hidden" name="item_name" value="product description">
  <input type="hidden" name="item_number" value="123456">
  <input type="hidden" name="amount" value="25.00">   <!-- This is the part you change to really mess with people -->
  <input type="hidden" name="page_style" value="company">
  <input type="hidden" name="no_shipping" value="2">
  <input type="hidden" name="return" value="http://www.company.com/addedtocart.htm">
  <input type="hidden" name="cancel_return" value="http://www.company.com/cancled.htm">
  <input type="hidden" name="cn" value="Comments">
  <input type="hidden" name="currency_code" value="USD">
  <input type="hidden" name="lc" value="US">
  <input type="hidden" name="bn" value="PP-ShopCartBF">
  </form>

now i was thinking i could somehow call an external js function to do this then encrypt it but my knowledge of js is limited and i don't even know if it has the ability to do what this form does. if anyone has any advice or comments on html security issues posed by the web developer toolbar in firefox please post here

thanks
eric

ps : nothing against the toolbar or the people who wrote it, i love the toolbar and use it on an almost daily basis

thanks again
eric
Feb 2 '07 #1
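One way to close the hole on the server side, as an added example that is not the poster's, the client's or PayPal's own code: the price the browser sends is never trusted; instead a PayPal Instant Payment Notification (IPN) handler echoes the notification back to PayPal to confirm it is genuine and then compares what was actually paid against the server's own price list. It assumes PayPal's documented IPN postback endpoint and cart variable names (num_cart_items, item_numberN, quantityN, mc_gross_N), reuses item 123456 and the business address from the form above, and the names CATALOG, paypal_postback and validate_ipn are chosen here.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qsl
from urllib.request import Request, urlopen

# The server-side price list is the only source of truth for what an item costs.
# Constructed sample: item 123456 is the product in the form above.
CATALOG = {"123456": (Decimal("25.00"), "USD")}
MERCHANT_EMAIL = "email@company.com"   # the form's 'business' value
PAYPAL_IPN_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"

def paypal_postback(raw_body: bytes) -> str:
    """Echo the IPN body back to PayPal with cmd=_notify-validate prepended;
    PayPal answers with the single word VERIFIED or INVALID."""
    req = Request(PAYPAL_IPN_URL, data=b"cmd=_notify-validate&" + raw_body,
                  headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urlopen(req, timeout=30) as resp:
        return resp.read().decode("ascii", "replace").strip()

def validate_ipn(raw_body: bytes, seen_txn_ids: set, postback=paypal_postback):
    """Return (ok, reason). Every check compares what PayPal reports against
    server-side data, never against anything the browser submitted."""
    if postback(raw_body) != "VERIFIED":
        return False, "postback not VERIFIED"
    ipn = dict(parse_qsl(raw_body.decode(), keep_blank_values=True))
    if ipn.get("payment_status") != "Completed":
        return False, "payment_status is %r" % ipn.get("payment_status")
    if ipn.get("receiver_email", "").lower() != MERCHANT_EMAIL:
        return False, "paid to a different account"
    txn_id = ipn.get("txn_id", "")
    if not txn_id or txn_id in seen_txn_ids:
        return False, "missing or replayed txn_id"
    try:  # cart IPNs number their items: item_number1, quantity1, mc_gross_1, ...
        n = int(ipn.get("num_cart_items", "0"))
        if n < 1:
            return False, "no cart items"
        for i in range(1, n + 1):
            item = CATALOG.get(ipn.get("item_number%d" % i, ""))
            if item is None:
                return False, "unknown item_number%d" % i
            price, currency = item
            expected = price * int(ipn.get("quantity%d" % i, "1"))
            paid = Decimal(ipn.get("mc_gross_%d" % i, "0"))
            if ipn.get("mc_currency") != currency or paid != expected:
                return False, "item %d: paid %s, expected %s %s" % (i, paid, expected, currency)
    except (ValueError, InvalidOperation):
        return False, "malformed numeric field"
    seen_txn_ids.add(txn_id)  # record only after every check passed
    return True, "ok"
```

An order is only fulfilled when validate_ipn returns ok; a notification whose mc_gross_1 was reduced, whose txn_id was already seen, or which PayPal does not confirm as VERIFIED is rejected with a reason you can log.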


