[thelist] I can't believe what I just read....
Anthony Baratta
Anthony at Baratta.com
Thu Oct 19 13:33:35 CDT 2000
Lumir G Janku wrote:
>
> Actually, VeriSign/Signio use the same method for merchant id, except you
> don't need to pass the amount as hidden variable, but you certainly can.
> However, when the merchant sets up the gateway parameters on the VeriSign
> end, they specify the url that the form is accepted from. So, if you try to
> spoof the form and send it from an untrusted server, you are SOL. I assume
> these guys have a similar setup.
Do you know how easy it is to spoof HTTP Headers??? There are Perl and other scripts
as well as custom browsers (hell, grab a copy of Mozilla source and build your own)
out there that allow you to hack the HTTP headers.
--
Anthony Baratta
President
KeyBoard Jockeys
South Park Speaks Version 3 is here!!!
http://www.baratta.com/southpark
Powered by Tsunami
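
The point argued in this message, as an added example that is not part of the original post and is not VeriSign/Signio's actual mechanism: a check on the URL the form came from relies on a header whose value the sender chooses, while a keyed MAC over the order fields catches a changed hidden amount. All names, URLs, the secret and the sample form are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Hypothetical values, constructed for this example.
ALLOWED_FORM_URL = "https://shop.example/checkout.html"
MERCHANT_SECRET = b"constructed-demo-secret"


def referer_check(headers):
    """Weak check: trusts a header whose value the client chooses."""
    return headers.get("Referer") == ALLOWED_FORM_URL


def sign_order(merchant_id, amount, order_id):
    """Merchant server computes a MAC over the fields that must not change."""
    msg = f"{merchant_id}|{amount}|{order_id}".encode()
    return hmac.new(MERCHANT_SECRET, msg, hashlib.sha256).hexdigest()


def mac_check(form):
    """Gateway-side check: recompute the MAC and compare in constant time."""
    expected = sign_order(form["merchant_id"], form["amount"], form["order_id"])
    return hmac.compare_digest(expected, form.get("mac", ""))


def evaluate(headers, form):
    """Run both checks on one submission and report each result."""
    return {"referer_ok": referer_check(headers), "mac_ok": mac_check(form)}


# Form as issued by the merchant's server (constructed sample).
GENUINE_FORM = {"merchant_id": "M1001", "amount": "49.95", "order_id": "A-17"}
GENUINE_FORM["mac"] = sign_order("M1001", "49.95", "A-17")

# Same form resubmitted with an edited hidden amount. The Referer value is
# supplied by the sender, so it still matches the allowed URL.
ALTERED_FORM = dict(GENUINE_FORM, amount="0.01")
CLIENT_HEADERS = {"Referer": ALLOWED_FORM_URL}

if __name__ == "__main__":
    print(evaluate(CLIENT_HEADERS, GENUINE_FORM))
    print(evaluate(CLIENT_HEADERS, ALTERED_FORM))
```

The secret stays on the merchant's server and the gateway; it never appears in the form itself.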