86

So, here's how online payment works in my country:

1. The selling website creates a hidden <form> and populates it with product ID, price, etc.

2. Some JavaScript posts the mentioned form to the bank from the browser.

3. User enters credit info, and submits. If all is right, the bank creates another hidden <form>, and populates it with status code and an invoice ID.

4. Said form is then posted back to the selling website.

I don't know how the programmers behind this scenario call themselves programmers if they don't know basic things about server-side only verifications, but thanks to them I've been buying a lot of products for free these past years. 😂😂

How?

1. Just install Requestly, Tampermonkey and enable Chrome's dev tools.
2. Change price to zero, and the bank's response code to success.
3. Profit!

P.S. I have notified the people behind this, but they don't listen and go fix their code. Oh well, serves them right.
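
The server-side check this flow is missing, as an added example that is not part of the original post or any real gateway's API: the merchant keeps the price on the server, and only accepts a posted-back form whose fields carry a valid bank signature and match the stored order. The HMAC scheme, field names, shared secret and order table are assumptions, and all sample values are constructed.

```python
import hashlib
import hmac

# Constructed sample data; the secret and the order table are assumptions.
GATEWAY_SECRET = b"constructed-demo-secret"
ORDERS = {"ord-1001": {"amount": 4999, "paid": False}}  # price lives server-side only
SEEN_INVOICES = set()  # invoice IDs already redeemed (replay guard)
SIGNED_FIELDS = ("order_id", "amount", "status", "invoice_id")


def sign(fields: dict) -> str:
    """HMAC-SHA256 over the fields in a fixed order (hypothetical gateway scheme)."""
    msg = "|".join(str(fields[k]) for k in SIGNED_FIELDS)
    return hmac.new(GATEWAY_SECRET, msg.encode(), hashlib.sha256).hexdigest()


def bank_response(order_id, amount, status, invoice_id) -> dict:
    """Stand-in for the bank: signs what it actually charged and decided."""
    fields = dict(zip(SIGNED_FIELDS, (order_id, amount, status, invoice_id)))
    return {**fields, "signature": sign(fields)}


def handle_callback(form: dict) -> str:
    """Decide whether a form posted back through the browser may mark an order paid."""
    try:
        expected = sign(form)
    except KeyError:
        return "rejected: missing field"
    supplied = str(form.get("signature", ""))
    # Constant-time comparison; any field edited in the browser breaks the MAC.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "rejected: bad signature"
    order = ORDERS.get(form["order_id"])
    if order is None:
        return "rejected: unknown order"
    # A validly signed amount still has to equal the price stored on the server.
    if str(form["amount"]) != str(order["amount"]):
        return "rejected: amount mismatch"
    if form["status"] != "success":
        return "rejected: payment not successful"
    if order["paid"] or form["invoice_id"] in SEEN_INVOICES:
        return "rejected: replay"
    SEEN_INVOICES.add(form["invoice_id"])
    order["paid"] = True
    return "accepted"
```
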

Comments
  • 4
    And they don't even notice that they're selling stuff for free?
  • 4
    @620hun They either don't have a proper log system, or can't do anything about it once you've made your purchase. I only use this method mainly to reduce VATs from the final price, or buy items at their original price (they charge a lot more when selling online.)
  • 3
    If they don't bother fixing it, product is on them :)
  • 21
    Out of curiosity, which country do you live in?
  • 34
    Maybe you should tell us the site as well. We can conduct some... research, yes, research.
  • 2
    Security is probably an unknown word for them..
  • 1
    @skanna I'm also very curious where something like this is really done
  • 7
    @davidmaerz It's like he's giving us a porn with censored areas....
    Like a half joke...
    Without the last bits it's all useless!
    And yes, the shop name would be quite useful too... Research reasons, of course...
  • 2
    Further information needed... Until then, here is my free ++
  • 1
    Like everyone else, I too am curious about who this might be.
  • 3
    If we all "buy" stuff - maybe we force them to hire a real dev. Give us the link to the shop - for science of course!
  • 7
    My favourite quote:

    "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying its best to build bigger and better idiots. So far, the universe is winning."
  • 1
    I think it's a problem with the website that uses the bank gateway; there must be a verification step that occurs on the server side, but maybe that specific website is not doing that well.