
Checkout confirmation exploit with Opera !


This topic has been archived. This means that you cannot reply to this topic.
28 replies to this topic

#21   Biancoblu

Biancoblu

    1291 Giger's Alien

  • Community Sponsor
  • 745 posts

Posted 23 June 2012 - 14:51

After researching the issue it seems API credentials are needed for paypal express, not paypal standard. I can't install openssl nor create a key so I'm giving up for now and will just manually check that the payment amount and item price do match.
~ Don't mistake my kindness for weakness ~
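The manual comparison mentioned in post #21, written as a script. This is an added example, not code from the thread or from osCommerce. The order record layout and the sample values are constructed; `payment_status`, `receiver_email`, `mc_currency` and `mc_gross` are standard PayPal IPN variables. It assumes the IPN message has already been confirmed as genuine with PayPal.

```python
from decimal import Decimal, InvalidOperation


def check_ipn_against_order(ipn, order):
    """Return a list of mismatches between an IPN message and the stored order.

    An empty list means the payment matches what the store expected.
    `order` uses a hypothetical layout: total, currency, receiver_email.
    """
    problems = []
    # Only a completed payment should release goods.
    status = ipn.get("payment_status")
    if status != "Completed":
        problems.append(f"payment_status is {status!r}, not 'Completed'")
    # The money must have gone to the store's own PayPal account.
    receiver = ipn.get("receiver_email", "").strip().lower()
    if receiver != order["receiver_email"].lower():
        problems.append("receiver_email does not match the store account")
    # Amounts are only comparable once the currency matches.
    currency = ipn.get("mc_currency")
    if currency != order["currency"]:
        problems.append(f"currency {currency!r}, expected {order['currency']!r}")
    # Compare amounts as exact decimals, never as floats.
    try:
        paid = Decimal(ipn.get("mc_gross", ""))
    except InvalidOperation:
        problems.append("mc_gross missing or not a number")
    else:
        if paid != Decimal(order["total"]):
            problems.append(f"paid {paid}, order total {order['total']}")
    return problems


# Constructed sample data: the order as the shop stored it at checkout,
# one matching IPN message, and one whose amount differs from the order.
ORDER = {"total": "49.95", "currency": "USD", "receiver_email": "shop@example.com"}
IPN_OK = {
    "payment_status": "Completed",
    "receiver_email": "Shop@Example.com",
    "mc_currency": "USD",
    "mc_gross": "49.95",
}
IPN_MISMATCH = dict(IPN_OK, mc_gross="0.01")

if __name__ == "__main__":
    for name, ipn in (("ok", IPN_OK), ("mismatch", IPN_MISMATCH)):
        print(name, check_ipn_against_order(ipn, ORDER) or "matches order")
```

Any order that returns a non-empty list should be held for review rather than shipped.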

#22   Mort-lemur

Mort-lemur
  • Members
  • 1,997 posts

Posted 23 June 2012 - 15:39

@Biancoblu

I have used openssl to generate public and private keys, downloaded the paypal public key etc.

Like you, what I am missing is where to upload these to on the server.... Is it simply a case of creating a new directory, adding these to it and then calling them up from the paypal module in admin? or do I need to install some of the openssl files as well?

Now running on a fully modded 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.


#23   Mort-lemur

Mort-lemur
  • Members
  • 1,997 posts

Posted 23 June 2012 - 16:20

OK - it is now done :-) and confirmed that the hidden fields are encrypted and paypal IPN still works!

If I have time later I will document the steps to do this.

Thanks

Edited by Mort-lemur, 23 June 2012 - 16:20.



#24   Mort-lemur

Mort-lemur
  • Members
  • 1,997 posts

Posted 23 June 2012 - 18:51

OK all of my sites are now secure against this potential exploit, all tested, and trial purchases made.

I would like to post the exact steps to achieve this - does anyone think it would be worthwhile doing that in a new thread or even as a contribution?

Or if nobody is interested I won't bother

Thanks

Edited by Mort-lemur, 23 June 2012 - 18:52.



#25   altoid

altoid
  • Community Sponsor
  • 1,049 posts

Posted 23 June 2012 - 20:16

OK all of my sites are now secure against this potential exploit, all tested, and trial purchases made.

I would like to post the exact steps to achieve this - does anyone think it would be worthwhile doing that in a new thread or even as a contribution?

Or if nobody is interested I won't bother

Thanks


I use PP IPN on four sites, so I am interested. I looked at openssl, and that for me is a bit of a learning curve as well, but I'll tackle it. Thanks
I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.
I remember what it was like when I first started with osC. It can be overwhelming.
However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.
There are several good pros here on osCommerce. Look around, you'll figure out who they are.

#26   burt

burt

    Vanquisher of Demons

  • Community Team
  • 9,975 posts

Posted 23 June 2012 - 21:15

Basically upload the certificates to anywhere on your webhosting and link to them in the input boxes (like it does the openssl input box)...

Should be fairly straightforward, and would make a good thread Heather, thanks. Or just add to this thread ;)
IF YOU MAKE A POST REQUESTING HELP...please state the exact version of osCommerce that you are using. THANKS
 
Big Bang Templates for 2.3 osCommerce - 2.3.1 > 2.3.4 - Buy One, Get One Free
 
--
Making your osCommerce better, one module at a time - get in touch.

#27   Biancoblu

Biancoblu

    1291 Giger's Alien

  • Community Sponsor
  • 745 posts

Posted 23 June 2012 - 21:18

I am interested too, thanks. :)

#28   Mort-lemur

Mort-lemur
  • Members
  • 1,997 posts

Posted 23 June 2012 - 21:27

Started a new thread - not quite simple, but quite straightforward



#29   DogFoodIT

DogFoodIT
  • Members
  • 70 posts

Posted 15 August 2012 - 03:36

good instruction here!
http://forums.oscomm...mation-exploit/