Major PayPal Security Issue

Posted by Scott Richard Adams
May 29, 2007
Dear Friends,

This information is being provided to you without prejudice towards PayPal. However, I thought I should share this information with those of you who may not know about it already.

Although I would strongly advise against using PayPal altogether, for those of you who do decide to use PayPal, please be aware that there are major security issues with their payment buttons.

Anyone using a non-encrypted payment button (especially so that their own affiliate program can work out commission on their sales) is at high risk if selling digital downloads.

The "form method" in the HTML code can be altered and anyone can buy your digital download for only $0.01 without problems.

Of course there is a procedure that needs to be taken which I am leaving out of this post to maintain security as I do not want to show or encourage people to do this.

However, I have provided the line that is insecure, with some details. Here is an example; I have taken out all the other parts to protect the site.

Take a look at the line below:

<INPUT TYPE="hidden" NAME="amount" VALUE="149.99">

This represents the price within the PayPal button. Anyone purchasing from a site without an encrypted button can easily amend the price to 0.01 and purchase the product for only 1 cent instead of the asking price.

Therefore: <INPUT TYPE="hidden" NAME="amount" VALUE="0.01">

I have tried this on my own site and assure you that it is a 100% major security issue.

DO NOT use buttons that are not encrypted, as this will cost you a major loss. If you do, you may as well give away your product for free using a download link on the main home page.

There is a product that I use to protect ALL my downloads, so even if someone was still able to bypass the official price, unless it matches my backend database on my server, the product cannot be downloaded.

Please see: http://www.e-marketingcompany.com/dlguard.html for more information on how this system works.



Sincerely,



Scott Richard Adams, CEO
e-Marketing Company

www.e-marketingcompany.com
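
The backend check described in the post (release the download only when the amount paid matches the server's own price record), as an added example that is not part of the original post or of the product it links to. It assumes the payment notification has already been confirmed as genuinely sent by PayPal and uses PayPal IPN field names (`payment_status`, `receiver_email`, `item_number`, `mc_gross`, `mc_currency`); the catalog, merchant address and sample notification are constructed.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed catalog: the server, not the HTML form, is the source of truth.
CATALOG = {"ebook-001": (Decimal("149.99"), "USD")}
MERCHANT_EMAIL = "seller@example.com"  # constructed placeholder

# Constructed sample notification body (form-encoded, as the processor posts it).
SAMPLE = ("payment_status=Completed&receiver_email=seller%40example.com"
          "&item_number=ebook-001&mc_gross=149.99&mc_currency=USD")


def authorize_download(notification_body: str) -> tuple[bool, str]:
    """Return (allowed, reason) for an already-authenticated payment notification."""
    fields = {k: v[0] for k, v in parse_qs(notification_body).items()}

    if fields.get("payment_status") != "Completed":
        return False, "payment not completed"
    # The money must have gone to this merchant, not to some other account.
    if fields.get("receiver_email", "").lower() != MERCHANT_EMAIL:
        return False, "paid to a different account"

    item = CATALOG.get(fields.get("item_number", ""))
    if item is None:
        return False, "unknown item"
    price, currency = item

    if fields.get("mc_currency") != currency:
        return False, "currency does not match catalog"
    try:
        paid = Decimal(fields.get("mc_gross", ""))
    except InvalidOperation:
        return False, "unparseable amount"
    # Compare against the stored price; the value sent by the browser form is ignored.
    if not paid.is_finite() or paid != price:
        return False, "amount does not match catalog price"
    return True, "ok"


if __name__ == "__main__":
    print(authorize_download(SAMPLE))
    print(authorize_download(SAMPLE.replace("mc_gross=149.99", "mc_gross=0.01")))
```

Decimal comparison is used so that `149.99` and `149.990` are treated as equal while avoiding floating-point rounding.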