 |
 |
 |
 |
|
|
|
Comments for: sporty20001102
| Message # 1018799: |
|
Date: 02/07/04 20:29
By: john smith Subject: RE: Credit card hack -- will that work?? Regarding the credit card hack described in this article....I just don't see how that would work? If someone were to put in the bogus HTML into the CC field, as described above and pressed the submit button, it would re-display the page with the extra field. Then if that same person were to put a credit card number into the second feild and submitted the form again, it would send the credit card to the other website. Basically, the hacker would be sending his own credit card to some other site. However, all other people that were using the form would have the form displayed correctly went they went to the page. They would then use the form as intended. The input the hacker submitted would only affect the instance of the program that he was running. If I am wrong about this, perhaps someone could explain it to me since this example only seems like it would be a problem if the hacker could affect the actual php code stored on the server with his bogus form input |
Previous Message | Next Message |
| Comments: | ||
| Do you wanna buy Credit Card ? | Migawa | 12/29/04 01:54 |
| how do i hack credit cards | tosin | 11/18/04 13:43 |
| RE: Credit card hack -- will that work?? | john smith | 02/07/04 20:29 |
| A generic validation script for web forms? | Kelvin Poon | 09/19/03 11:22 |
| RE: Where to check? | Jester | 04/05/03 12:03 |
| Where to check? | Ian | 10/09/02 02:11 |
| Real Time Data | John | 10/06/02 10:27 |
| RE: What about this ? | Chris | 09/23/02 17:02 |
| What about this ? | Staffan Söderström | 09/13/02 06:37 |
| RE: Credit card hack -- will that work?? | Andy Christianson | 09/06/02 01:50 |
| RE: Credit card hack -- will that work?? | Andy Christianson | 09/03/02 16:51 |
| RE: Javascript form validation workaround | Mark Bembnowski | 08/20/02 11:54 |
| Security of $_POST[] | Jeremy Brown | 07/28/02 15:55 |
| RE: Very dangerous sql code possible | Daniel Tsadok | 07/16/02 06:24 |
| Javascript form validation workaround | Daniel Tsadok | 07/16/02 05:56 |
| Somebody has hacked my credit card | Parul Asha Singh | 07/14/02 11:11 |
| RE: When is it too much | Hari Usmayadi | 07/07/02 22:29 |
| check input | Wolfgang Hamann | 04/14/02 03:28 |
| unknown extension | Peter van Rooijen | 04/03/02 02:13 |
| excellent !! | mika | 02/02/02 09:15 |
| Un Normalised Table Into Un Normalised Data | Mehmood Ahmed Chadhar | 09/26/01 03:00 |
| RE: Credit card hack -- will that work?? | Grasso | 08/06/01 00:23 |
| RE: ...basic problem.. | Frans-Jan Wind | 07/24/01 02:38 |
| Page Caching | Unknown | 07/19/01 02:16 |
| ...basic problem.. | Van Tri | 05/04/01 08:49 |
| RE: Very dangerous sql code possible | Chris Boget | 04/04/01 13:16 |
| good solution | igor | 03/22/01 13:24 |
| RE: Credit card hack -- will that work?? | Michael McGinley | 03/13/01 11:44 |
| RE: http_refferer | Josh | 03/11/01 02:19 |
| Credit card hack -- will that work?? | Chuck Clayton | 02/15/01 11:13 |
| RE: Very dangerous sql code possible | Wojtek | 12/24/00 07:18 |
| RE: http_refferer | Michael Rowe | 11/26/00 00:46 |
| Very dangerous sql code possible | Greg MacLellan | 11/22/00 12:18 |
| Checking for bad SQL | Martijn | 11/14/00 11:05 |
| http_refferer | Adam Zochowski | 11/13/00 12:51 |
| It's array_push not push_array | John Miller | 11/10/00 15:34 |
| RE: Also need to strip HTML tags from input | spencer p | 11/10/00 11:53 |
| Also need to strip HTML tags from input | John Lim | 11/09/00 10:03 |
| RE: When is it too much | spencer p | 11/04/00 16:59 |
| RE: When is it too much | Tim Frank | 11/03/00 23:38 |
| When is it too much | CCBCREG | 11/03/00 13:35 |
| Article | Marc | 11/03/00 03:14 |
| Excellent ! | Bjorn Sodergren | 11/03/00 01:23 |
|
If you are looking for help, please post on the appropriate forum here. Your questions will be answered much more quickly. | ||
