Jump to content
Sign in to follow this  

CCBill Gateway Module

Recommended Posts

I need to add "postback URL's to the Approval and Denial Post URLs" to the ccbill admin. But how do i find out what my postaback url's are?

Share this post

Link to post
Share on other sites

After watching a customer downloading stuff without any money hitting ccbill (he got greedy and started downloading more and more or I would not have noticed), I finally took the time to dissect the Logs to figure out exactly what he was doing.


I have figured out the exploit and can now repeat over and over. It has to do with "checkout_process.php" but exploit requires 1 successful purchase before you can use that info to steal the rest of the digital downloads. Luckily, it is just ONE guy and I am tracking him constantly now. He will soon tire of having to get a new IP (I lock him out via iptables) AND having to make a new account each time now.


I don't want to spell out the exploit or mention the site because I don't want to have to deal with 10 guys doing this :(  I haven't tested this with other payment modules because I only use ccbill.


I would like to contact and work with the Author of the Module OR some other expert to get this fixed eventually. You can contact me at httptunnel at gmail if you are the Author or equivalent. Let's fix this !!  Don't just contact me to ask exploit details for download fun.



Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this