#1 Joker_ (10-09-2015, 10:42 PM)

Vulnerability Hunter: owners of the listed websites, please check them..

Please note: as a result of my 'hunting', the websites listed below are exposed to exploitation.

Aim: Online shops selling electronic products such as e-books, software and memberships using PayPal.

Vulnerability Found:
PayPal Direct Payment

Keyword: "return to merchant", "back to merchant", "serta merta", "gain access immediately"

Vulnerability Case: The attacker can get the product or membership without paying full price.

List of sites:

How do I explain this, hmm....
Let's start with this one first:

Client = Pay = We Receive = We give download link

Some sellers don't want to upload their e-products to a server, to prevent buyers from spreading the download link or hackers from exploiting the download link, so it becomes:

Client = Pay = We Receive = We give our product through email

The above describes a direct deal between buyer and seller, meaning between two humans. If the buyer doesn't pay, the seller won't hand over the goods; if the seller sets the price at RM60, the buyer has to pay RM60 before getting the goods.

The same goes for PayPal direct payment:

Client = Pay = PayPal Receive = Client automatically gets download link/email response


BUT, this one is hard for me to explain...

I am the "Client".
The seller, on the other hand, runs things on autopilot, meaning if I make a payment to their PayPal account, after the payment I will get the download link, information, email, etc.

Clue = after the payment, meaning just make a payment and we will immediately get the download link, information or email about the e-product.

Logically, even paying 0.01 already counts as a payment, right?

Before Server A sends to Server B, test whether Server A has a checksum; if there is no checksum, edit the POST before the parameter reaches Server B.

One example of the vulnerability: a website selling software that uses payment success = get product

Total price = 129.50


Pay 0.01 (Like I said, 0.01 already counts as a payment, right?)


Instant download link + Serial Number


Anyone who wants to copy that serial number is too late... I have already notified the website owner. The serial has been cancelled.

Checksum check


For website owners, it is rather hard for me to explain because I don't have enough knowledge yet. I suggest that those who want to use PayPal don't give a direct download straight away; do a verification first. Manual is safer.

Anyone who wants to add websites for vulnerability testing purposes can post them here...

Last edited by Joker_; 10-09-2015 at 10:48 PM..
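
The "do a verification first" step recommended in the post above, as an added example that is not part of the original thread: the fulfilment code compares the payment notification with the shop's own order record instead of treating any successful payment as payment in full. Field names follow PayPal's IPN variables; the order store, e-mail address and transaction ids are constructed, and the notification is assumed to have been authenticated with PayPal already.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample data: the shop's own record of each order's price.
ORDERS = {"INV-1001": {"price": Decimal("129.50"), "currency": "USD"}}
MERCHANT_EMAIL = "seller@example.com"  # hypothetical receiving account
SEEN_TXNS = set()                      # transaction ids already fulfilled

def check_payment(note):
    """Decide whether a payment notification pays for its order in full.

    Assumption: the notification has already been authenticated as coming
    from PayPal; this function only compares it with the order record.
    """
    order = ORDERS.get(note.get("invoice"))
    if order is None:
        return False, "unknown order"
    if note.get("payment_status") != "Completed":
        return False, "payment not completed"
    if str(note.get("receiver_email", "")).lower() != MERCHANT_EMAIL:
        return False, "paid to a different account"
    if note.get("mc_currency") != order["currency"]:
        return False, "wrong currency"
    try:
        paid = Decimal(note.get("mc_gross", ""))
    except (InvalidOperation, TypeError):
        return False, "unparseable amount"
    # The price comes from the server-side record, never from the request.
    if not paid.is_finite() or paid != order["price"]:
        return False, "amount mismatch"
    txn = note.get("txn_id")
    if not txn or txn in SEEN_TXNS:
        return False, "missing or reused transaction id"
    SEEN_TXNS.add(txn)
    return True, "release download"

# Constructed notifications: one for the full price, one for 0.01.
GOOD = {"invoice": "INV-1001", "payment_status": "Completed",
        "receiver_email": "seller@example.com", "mc_currency": "USD",
        "mc_gross": "129.50", "txn_id": "TXN-A"}
TAMPERED = dict(GOOD, mc_gross="0.01", txn_id="TXN-B")

if __name__ == "__main__":
    for label, note in (("0.01", TAMPERED), ("full", GOOD), ("replay", GOOD)):
        print(label, check_payment(note))
```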

#2 hellspermaster (10-09-2015, 10:47 PM)

The best...
__________________
NKay E. Dept.

#3 jom (12-09-2015, 01:51 AM)

So that means it's for cheating the seller, right???
huhuuhuuu

#4 Joker_ (12-09-2015, 02:07 AM)

Quote (originally posted by jom):
So that means it's for cheating the seller, right???
huhuuhuuu

With manual payment, "as long as the seller hasn't received the money, the seller won't hand over the goods".

But with this auto payment,

the buyer isn't dealing directly with the seller but with a "Robot".

Anyone who's good at playing with this "robot" can easily bypass payment.