Saturday, 10 January 2015

Buying Any Online Product for a Dollar (1 Rupee)


In the above hacking video I demonstrate a hack called ‘Exploiting Hidden Fields’. This vulnerability is found especially in online shopping sites.

Developers often don’t validate the information received from hidden fields. That vulnerability allows an attacker to find and modify hidden fields to obtain a product of any price at a price he wants.
In simple words, by using some tools we can easily buy any online product of any cost at a specific price we want. For example, if I only have a dollar and I want to buy a brand new $1000 laptop, then by just modifying hidden fields we can easily buy the laptop for one dollar, or for $5, because some ecommerce CMSs have a security restriction named ‘Lowest Value for Purchases’.


Prevention

There is no prevention for common users, but developers should take action while developing an online shopping website: they should validate the data received from hidden fields.
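What that validation can look like on the server, as an added example that is not code from the video or from any particular shopping CMS: the handler that trusts the hidden price field is shown beside one that takes only the product id and quantity from the request and looks the price up itself. The catalog, the field names (`sku`, `quantity`, `price`) and the quantity limit are assumptions made for the illustration.

```python
from decimal import Decimal

# Constructed sample catalog: the server-side source of truth for prices.
CATALOG = {
    "LAPTOP-1": Decimal("1000.00"),
    "MOUSE-7": Decimal("12.50"),
}


class OrderRejected(Exception):
    """Raised when a submitted order cannot be priced safely."""


def total_trusting_form(form):
    # Vulnerable pattern described above: the price comes from a hidden
    # form field, so whatever the browser sends is what gets charged.
    return Decimal(form["price"]) * int(form["quantity"])


def total_from_catalog(form):
    # Hardened pattern: only the product id and quantity are taken from
    # the request; the unit price is looked up on the server.
    sku = form.get("sku")
    if sku not in CATALOG:
        raise OrderRejected("unknown product")
    try:
        quantity = int(form.get("quantity", ""))
    except ValueError:
        raise OrderRejected("quantity is not a number")
    if not 1 <= quantity <= 100:  # assumed per-order limit
        raise OrderRejected("quantity out of range")
    return CATALOG[sku] * quantity


def price_was_tampered(form):
    # Detection aid: a hidden price that differs from the catalog price is
    # worth logging, even though the server never uses the submitted value.
    submitted = form.get("price")
    if submitted is None or form.get("sku") not in CATALOG:
        return False
    try:
        return Decimal(submitted) != CATALOG[form["sku"]]
    except ArithmeticError:  # not a parseable number at all
        return True
```

With this structure the hidden price field can be dropped from the form entirely; if it stays for display purposes, `price_was_tampered` gives the order pipeline a signal to log and review.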
Note: If you’re on mobile, the video for this article will not appear, so you can watch it on YouTube: Buying any Online Product in a Dollar



Keep Visiting
