minglou

This is for people who use the original PayPal module


Hi guys,

These days I experienced some PayPal fraud (maybe it is not fraud). I used the original PayPal module that comes with MS2.

I sell items with instant download via the osCommerce shopping cart. Item name: xxx, and the price is $20.00. A guy from Taiwan ordered an item, paid only $0.01, and got the instant download.

Finally, I found out how he did that:

1. He created a fake account.

2. He logged in, ordered the item and checked out, and then the page redirected to the PayPal checkout page.

The URL is like this:

https://www.paypal.com/cgi-bin/webscr?amoun...php&cmd=_xclick

And then he changed the amount from 20.00 to 0.01 and refreshed the page, so you can see the item price changed to $0.01 (that easy, ha), and he logged in to his PayPal account, ordered with $0.01, and got the download item.

(I think this way works with most online businesses that accept PayPal, especially instant download, which is even worse.)

Until now I haven't found a way to protect against this. I want to hide the address bar from Explorer, so they don't know exactly what the URL is; maybe it won't work, I am not sure.

What about PayPal IPN? Does it work to prevent this kind of problem?

Guys, I need some opinions: how to stop this?

sean
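On the IPN question in the post above, as an added example that is not part of the original post or of the osCommerce PayPal module: a server-side check that compares what PayPal reports as paid against the order stored at checkout, so a changed `amount` in the redirect URL cannot release the download. The IPN field names are PayPal's; the `$order` array shape, the function names and the sample values are assumptions made for this sketch, and the message is assumed to have already been confirmed through PayPal's `cmd=_notify-validate` postback.

```php
<?php
// Added example, not osCommerce module code. The $order keys are hypothetical.
// IPN field names (payment_status, receiver_email, mc_currency, mc_gross, txn_id)
// are PayPal's. Assumes the message was already confirmed by PayPal's
// cmd=_notify-validate postback ("VERIFIED"); that network step is omitted here.

// Parse a decimal amount string such as "20.00" into integer cents, or null.
function to_cents(string $amount): ?int
{
    if (!preg_match('/^(\d+)(?:\.(\d{1,2}))?$/', $amount, $m)) {
        return null;
    }
    return (int)$m[1] * 100 + (int)str_pad($m[2] ?? '', 2, '0');
}

// Return the reasons to refuse delivery; an empty array means the order is paid.
function ipn_problems(array $ipn, array $order, array $seenTxnIds): array
{
    $problems = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $problems[] = 'payment_status is not Completed';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', $order['merchant_email']) !== 0) {
        $problems[] = 'receiver_email is not the shop account';
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $problems[] = 'currency differs from the order';
    }
    // The expected amount comes from the order saved at checkout, never from the URL.
    $paid = to_cents($ipn['mc_gross'] ?? '');
    if ($paid === null || $paid !== to_cents($order['total'])) {
        $problems[] = 'mc_gross does not match the order total';
    }
    if (in_array($ipn['txn_id'] ?? '', $seenTxnIds, true)) {
        $problems[] = 'txn_id already processed';
    }
    return $problems;
}

// Constructed sample data mirroring the post: a 20.00 order paid with 0.01.
$order = ['total' => '20.00', 'currency' => 'USD', 'merchant_email' => 'shop@example.com'];
$ipn = ['payment_status' => 'Completed', 'receiver_email' => 'shop@example.com',
        'mc_currency' => 'USD', 'mc_gross' => '0.01', 'txn_id' => 'CONSTRUCTED-TXN-1'];

$problems = ipn_problems($ipn, $order, []);
echo $problems ? "HOLD download: " . implode('; ', $problems) . "\n" : "RELEASE download\n";

$ipn['mc_gross'] = '20.00'; // same order, paid in full
echo ipn_problems($ipn, $order, []) ? "HOLD download\n" : "RELEASE download\n";
```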
