Horas..!!



Modifying Paypal Values on Lowlevel Web's


Disclaimer: I take no responsibility for you or your actions from reading this. This is for educational purposes. This is illegal, so don't do it.

Among hacking and exploration I recently started playing an MMORPG (World of Warcraft). The game uses virtual currency to allow players to buy new items. Chinese websites exist that sell the fake currency for USD.

After finding such a site I selected how much currency I wanted and was at the checkout paying with PayPal when I looked at the source of PayPal's "buy now" button:

https://www.paypal.com/cgi-bin/webscr?on1=Character&currency_code=USD&cmd=_xclick&business=xxxxxxx_xxx@yahoo.com&on0=Character(Orders_Num)&amount=50.04&item_name=Orders_Num%3A+ /1108643&os1=&x=28&y=21

Right in the source was the variable amount with the value 50.04. That was the price for the currency amount I selected to buy. The variable item_name had my order number, 1108643, which had all the details like how much virtual currency I was getting, my player's name, etc. I changed the variable amount from 50.04 to 1.00, then put the URL in Firefox and continued the transaction on PayPal. I changed the price from $50 to $1 and PayPal accepted everything without a problem.

I then checked my player in the game and I had received what I was supposed to pay $50 for. I had altered the price and got away with it. After having proof this worked I contacted the owner of the website and repaid them $49.


I decided to test my new discovery on another website. The website sold music CDs. I added a CD to my cart and checked out. When the PayPal button was displayed on the page I checked the source:

<!-- scripts begin here --> <form action="https://www.paypal.com/cgi-bin/webscr" method="post" id="form1" name="form1">

<input TYPE="hidden" NAME="cmd" VALUE="_ext-enter">

<input TYPE="hidden" NAME="redirect_cmd" VALUE="_xclick">

<input type="hidden" name="receiver_email" value="xxxxxxx@xxxxxxxxxxx.com">

<input type="hidden" name="business" value="xxxxxxx@xxxxxxxxxxx.com">

<input type="hidden" name="item_name" value="CD xxxxxxx Order Number 13413300">

<input type="hidden" name="item_number" value="13413300">

<input type="hidden" name="amount" value="$17.73">

<input TYPE="hidden" NAME="first_name" VALUE="John">

<input TYPE="hidden" NAME="last_name" VALUE="Doe">

<input TYPE="hidden" NAME="address1" VALUE="1234 w. millerstreet">

<input TYPE="hidden" NAME="address2" VALUE="">

<input TYPE="hidden" NAME="city" VALUE="millerville">

<input TYPE="hidden" NAME="email" VALUE="JohnDoe@microsoft.com">

<input TYPE="hidden" NAME="state" VALUE="MV">

<input TYPE="hidden" NAME="zip" VALUE="12345">

<input type="hidden" name="image_url" value="https://www.xxxxxxxxx.com/graphics/logos/cdu_150_50.gif">

<input type="hidden" name="return" value="http://www.xxxxxxxxx.com/checkout/orderinfo.asp?option=completedpaypal">

<input type="hidden" name="cancel_return" value="http://www.xxxxxxxxx.com/checkout/orderinfo.asp?option=cancelledpaypal&amp;o=13413300&amp;c=10989249726714">

<input type="hidden" name="no_note" value="1">

<input type="hidden" name="currency_code" value="USD">

<input type="image" src="https://www.xxxxxxxxx.com/graphics/paypal.gif" border="0" name="submit" alt="Complete Your Order with a payments from PayPal - it's fast, free and secure!" width="150" height="52">

</form> <!-- scripts end here -->

I changed the amount value from $17.73 to $1.00 and sent the POST. I was then at a PayPal page saying: confirm order: xxxxxx price: $1.00

From there I knew it worked. Whether the person at the CD store would print the invoice and ship it OR contact the FBI is beyond me.

I have now shown a simple method of modifying prices on items that are sold with PayPal. Please don't get arrested, I take no responsibility for your actions. Hope you enjoyed my first article.

by focus
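
The merchant-side check that closes this hole, as an added example that is not part of the original article: the price is recorded on the server when the order is created, and an order is fulfilled only if the payment notification matches that record. It assumes the notification has already been authenticated with PayPal and uses PayPal's IPN variable names (`mc_gross`, `mc_currency`, `receiver_email`, `payment_status`, `item_number`, `txn_id`); the order store, merchant address and sample notifications are constructed.

```python
from decimal import Decimal, InvalidOperation

# Constructed order store: the price is fixed server-side at checkout and is
# never read back from the hidden form fields or the button URL.
ORDERS = {"13413300": {"amount": Decimal("17.73"), "currency": "USD", "paid": False}}
MERCHANT_EMAIL = "shop@example.com"   # placeholder merchant account
SEEN_TXNS = set()                     # transaction ids already processed


def check_payment(note, orders=ORDERS, seen=SEEN_TXNS):
    """Return (ok, reason) for an already-authenticated payment notification."""
    order = orders.get(note.get("item_number", ""))
    if order is None:
        return False, "unknown order"
    if note.get("payment_status") != "Completed":
        return False, "payment not completed"
    if note.get("receiver_email", "").lower() != MERCHANT_EMAIL:
        return False, "wrong receiver"
    if note.get("mc_currency") != order["currency"]:
        return False, "currency mismatch"
    try:
        paid = Decimal(note.get("mc_gross", ""))
    except InvalidOperation:
        return False, "unparseable amount"
    # Compare what was actually paid with what the order cost when created.
    if not paid.is_finite() or paid != order["amount"]:
        return False, "amount mismatch"
    txn = note.get("txn_id")
    if not txn or txn in seen:
        return False, "duplicate or missing transaction id"
    if order["paid"]:
        return False, "order already paid"
    seen.add(txn)
    order["paid"] = True
    return True, "ok"


# Constructed notifications: one with the altered amount, one with the real price.
TAMPERED = {"item_number": "13413300", "payment_status": "Completed",
            "receiver_email": "shop@example.com", "mc_currency": "USD",
            "mc_gross": "1.00", "txn_id": "TXN-A"}
HONEST = dict(TAMPERED, mc_gross="17.73", txn_id="TXN-B")

if __name__ == "__main__":
    for name, note in (("tampered", TAMPERED), ("honest", HONEST)):
        print(name, check_payment(note))
```

A rejected notification should hold the order for manual review rather than ship it, since the payment itself did go through for the lower amount.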