[thelist] OT: e-commerce PayPal
Richard Bennett
richard.bennett at skynet.be
Thu May 9 04:05:00 CDT 2002
Galen wrote:
> Of note... There is a very easy way to bypass the PayPal service by
> reviewing the source code, looking for "hidden return" value (not the
> cancel
> value) and using the URL to go by the paid section straight to
> memebers or
> download section. You can see some source code encrytion here and you
> list
> members can have this free :) http://promote.fateback.com/source.htm
>
I hope everyone realises that the above encryption link is not in the least
bit secure!
It's not even encryption, they are simply escaping (with escape()) some
characters.
All you need to do to "decrypt" the page is change the words:
"document.write" to "alert"
Cheers,
Richard
More information about the thelist
mailing list