Jump to content
Sign in to follow this  
zhexiang

osCommece Credit Card payment module loophole?

Recommended Posts

Someone by the name Ali Babba from US just shop at my store and bought lots of digital products.

 

His payment method is credit card, but when i check with admin, i can't find his credit crad number, nor his credit card expiry date.

 

Is it possible to skip the credit card number during checkout? This credit card payment module is default with osCommerce?

 

I don't think it's possible for me to claim back US$350+ from this fellow. None of his personal detail is real.

 

Please advise on osCommerce credit card payment module, why buyer can skip entering the credit card number, any possiblity to avoid using it!

Share this post


Link to post
Share on other sites

I am by no means an expert in this area, but it is possible that some of the code you are using is unsecure and relies on having register_globals set to on. register_globals allows uninitialized variables to be used, thus allowing unsecure coding. When this happens, someone who is familiar with the program you are using may be able to use a variable (such as "Did you enter a credit card number?") without that variable being validly set by your program. Read this for a better description: http://us3.php.net/manual/en/security.registerglobals.php

 

I am not saying that this is what happened to you, but I recently learned about register_globals and this is the type of thing that can happen.

 

There are a couple contributions that allow you to run osCommerce with register_globals set to off.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×