Security problem with the randomizer script!
Posted: Mon Oct 27, 2003 11:02 pm

tombrett
Visitor
Joined: 27 Oct 2003
Posts: 13

Hi,
Well, first off let me say that this is not really a security problem with the randomizer script, but more a security problem with Stormpay that affects this script (in a very severe way)!
The problem?
Once you have clicked on the Stormpay buy now button, no matter how much encryption or security you use, Stormpay's transaction page shows the return_url part of its pay now web transaction form in PLAIN TEXT (in the pay now transaction form's HTML code)!
In clear view for every hacker's prying eyes!
What makes matters worse is how easy and trivial this "bug" makes stealing from a randomizer running this otherwise excellent script!
For a demonstration go to http://randompayments.com/?id=208.html
(Randompayments.com uses this script).
And click Join now.
Choose Stormpay as the payment processor option.
In the Stormpay Transaction Preview / System Access screen
use your web browser to view the HTML source code of the form.
From Internet Explorer's top menu bar choose menu item VIEW->Source.
Scroll down the HTML source code in Notepad until you see something like the following HTML code:
<input type="hidden" name="user_id" value="">
<input type="hidden" name="require_IPN" value="">
<input type="hidden" name="notify_URL" value="">
<input type="hidden" name="return_URL" value="http://www.randompayments.com/join.php?stage=primua">
<input type="hidden" name="cancel_URL" value="http://www.randompayments.com">
<input type="hidden" name="subject_matter" value="RandomPayments.com Membership Fee">
The important one is the return_URL value of the HTML form Stormpay produces.
<input type="hidden" name="return_URL" value="http://www.randompayments.com/join.php?stage=primua">
The return_url value in clear plain text view for every hacker's prying eyes!
Now load http://www.randompayments.com/join.php?stage=primuap in your browser and repeat this process until you get to http://www.randompayments.com/users/completea.php and you're in!
All your "security"/encryption defeated with a trivial and commonly known attack!
How to solve this problem?
Simply add referrer checking in join.php and completea.php
to verify the referrer came from one of the accepted payment processors' web addresses!
It's trivial to defeat your security, but it's also trivial to fix it!
If you add this bug fix to your software, I will most definitely buy the script, because otherwise therandomizer.net is excellent software!
Many Kind Regards,
Tom Brett.

Posted: Wed Oct 29, 2003 11:11 am

daniel
Addict
Joined: 19 Sep 2004
Posts: 177

Hi Tom and hello to all!
I am very upset that Stormpay isn't encrypting the fields too. Most of the payment processors do; I think it is normal.
Anyway, a solution for this issue was given by Shadow... and I am building a new one now.
Basically, the account won't be created if the user didn't pay.
Daniel.
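The two fixes discussed in this thread (Tom's referrer check and Daniel's "no account until the user has paid") differ in what they trust. The following is an added example, not code from the thread, from therandomizer.net or from StormPay, written in Python rather than the script's PHP because only the control flow matters. It models join.php's "primua" stage three ways: the flaw described above (arriving at return_URL activates the account), a Referer check (the Referer header is supplied by the client's browser, so it cannot prove the user came through the processor), and a notify_URL handler that records a payment only after re-verifying it with the processor and checking the amount, with return_URL then merely displaying the result. The PaymentProcessor class, its pay/verify methods, the notification fields, the fee and the trusted host are all constructed assumptions, not StormPay's real IPN format.

```python
"""Activate a membership on a verified payment record, not on reaching return_URL."""
from dataclasses import dataclass, field
from typing import Dict, Set

MEMBERSHIP_FEE = 10.00                          # constructed sample fee
TRUSTED_RETURN_HOST = "https://www.stormpay.com/"  # constructed value for the Referer compare


@dataclass
class PaymentProcessor:
    """Stand-in for the processor's transaction store and verification endpoint.
    Constructed simulation only; not StormPay's real API."""
    transactions: Dict[str, dict] = field(default_factory=dict)

    def pay(self, txn_id: str, user_id: str, amount: float) -> dict:
        """Record a completed payment; return the notification posted to notify_URL."""
        note = {"txn_id": txn_id, "user_id": user_id, "amount": amount, "status": "Completed"}
        self.transactions[txn_id] = note
        return dict(note)

    def verify(self, txn_id: str, user_id: str, amount: float) -> bool:
        """Server-to-server postback: does this transaction exist, belong to this
        user, match this amount and read Completed on the processor's side?"""
        t = self.transactions.get(txn_id)
        return (t is not None and t["user_id"] == user_id
                and t["amount"] == amount and t["status"] == "Completed")


@dataclass
class MembershipSite:
    processor: PaymentProcessor
    confirmed: Dict[str, str] = field(default_factory=dict)   # user_id -> verified txn_id
    members: Set[str] = field(default_factory=set)

    # Flaw from the thread: the "primua" stage is reachable by anyone who knows
    # the URL, and reaching it is treated as proof of payment.
    def join_vulnerable(self, user_id: str, stage: str) -> str:
        if stage == "primua":
            self.members.add(user_id)
            return "completea"
        return "choose-processor"

    # Referer check as proposed in the thread. The header value is chosen by the
    # client, so this gate still has no server-side evidence that money moved.
    def join_referer_check(self, user_id: str, stage: str, referer: str) -> str:
        if stage == "primua" and referer.startswith(TRUSTED_RETURN_HOST):
            self.members.add(user_id)
            return "completea"
        return "choose-processor"

    # Daniel's approach: payment is established by the notify_URL callback, which
    # is verified against the processor before anything is recorded.
    def handle_notify(self, notification: dict) -> bool:
        txn_id = str(notification.get("txn_id", ""))
        user_id = str(notification.get("user_id", ""))
        amount = float(notification.get("amount", 0))
        if amount != MEMBERSHIP_FEE:                      # underpayment / altered price
            return False
        if not self.processor.verify(txn_id, user_id, amount):  # forged or altered body
            return False
        if txn_id in self.confirmed.values():             # replay: one txn, one account
            return False
        self.confirmed[user_id] = txn_id
        return True

    # return_URL handler: the query string decides what page to show, never whether
    # the user is a member; that was settled by handle_notify.
    def join_hardened(self, user_id: str, stage: str) -> str:
        if stage == "primua" and user_id in self.confirmed:
            self.members.add(user_id)
            return "completea"
        return "awaiting-payment"


if __name__ == "__main__":
    site = MembershipSite(PaymentProcessor())
    print(site.join_hardened("carol", "primua"))          # awaiting-payment: nothing verified
    note = site.processor.pay("T1", "carol", MEMBERSHIP_FEE)
    print(site.handle_notify(note))                       # True: verified with the processor
    print(site.join_hardened("carol", "primua"))          # completea
```

The point of the hardened path is that every input reachable from the browser (the return_URL query string, the Referer header, even the body posted to notify_URL) is checked against state the site obtained from the processor itself; the membership table is written only in handle_notify, and only once per transaction.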