Bugtraq mailing list archives
RE: NON-Secure Credit card info transfer from time.com/pathfinder .com
From: jpaquin () landsman com
Date: Wed, 17 Oct 2001 17:26:23 -0400
The problem is that while the page https://www.pathfinder.com/subs/books/forms/td/tdspecialed01.html itself is secure, as noted by the "https" at the beginning of the URL, when you click the "Submit Order" button, the HTML in that page reading:

That doesn't seem to be the only problem. Press "submit" on that page without actually filling anything in and you'll be taken to the actual order page. Now, check the URL. It appears that upon calling that page you may substitute anything you wish for any of the values, including price and shipping cost. Perhaps upon submission they check the price; they aren't getting my credit card order quite yet. Perhaps ordering that issue at any price you'd like will get them to fix it.

Jacques Paquin
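The substitution of price and shipping values described in the message above works only if the server trusts money amounts carried in the order URL. As an added example (not part of the original post, and not the site's code), the handler below prices an order from a server-side catalog and merely reports client-supplied amounts that disagree; the parameter names `item`, `qty`, `price` and `shipping`, the catalog entry and the URL are hypothetical.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import urlsplit, parse_qs

# Constructed catalog: the server's own record is the only trusted price source.
CATALOG = {"BOOK-001": {"price": Decimal("9.95"), "shipping": Decimal("3.50")}}
MAX_QTY = 10


class OrderRejected(Exception):
    """Raised when the request cannot be mapped to a valid catalog order."""


def price_order(url):
    """Return (total, tampered) for an order URL, pricing from CATALOG only.

    'tampered' lists client-supplied money fields that disagree with the
    catalog, so the caller can log them; they never influence the total.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name, values in params.items():
        if len(values) != 1:  # duplicated keys make parsing ambiguous
            raise OrderRejected(f"repeated parameter: {name}")
    sku = params.get("item", [""])[0]
    if sku not in CATALOG:
        raise OrderRejected("unknown item")
    try:
        qty = int(params.get("qty", ["1"])[0])
    except ValueError:
        raise OrderRejected("quantity is not an integer") from None
    if not 1 <= qty <= MAX_QTY:
        raise OrderRejected("quantity out of range")
    trusted = CATALOG[sku]
    tampered = []
    for field in ("price", "shipping"):
        if field in params:
            try:
                supplied = Decimal(params[field][0])
            except InvalidOperation:
                supplied = None  # unparsable value counts as a mismatch
            if supplied != trusted[field]:
                tampered.append(field)
    return trusted["price"] * qty + trusted["shipping"], tampered


if __name__ == "__main__":
    # Constructed request with the price and shipping values edited.
    print(price_order("https://shop.example/order?item=BOOK-001&qty=2&price=0.01&shipping=0"))
```

A non-empty `tampered` list is worth logging alongside the request, since it records an attempt to change the amount even though the charge is unaffected.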