Monday, 21 July 2014

PayPal lets bug webshops arbitrary amount Checkout

Paypal Bug

A bug in the online payment service PayPal enables webshops to settle after the customer has been given. Attachment for a different amount any amount Thus, the customer thinks he is buying something for one euro, for example, while the shop settles 200 euros.
However, the customer receives only the confirmation email from PayPal that 200 euros is charged. The problem is when using the PayPal Express Checkout, says the German security researcher Jan Kechel . This confirms the customer in its PayPal payment environment and think you have judged. After the payment through PayPal, the user is sent back to the shop, where another function is called that allows you to transfer, without the customer has given consent another amount will be.
Kechel discovered the problem and reported it to PayPal. The payment service stated that it is not a bug but is "intended behavior", due to small differences in transport costs and the like. The researcher believes that PayPal however all amounts greater than the fixed amount must confirm this. Again by the customer As evidence Kechel made ​​this demonstration .

No comments:

Post a Comment