Website Hacking


mazmac24

Well I wouldn't recommend you to try hacking into an e-commerce website, and generally hacking into any website is stupid, unless it is your website which you are testing.

Hacks for websites, though, are a different thing completely. "Hacks" is a term for getting a website to do something which is cool by using features already in it. Like, there are tons for the Google search engine for getting it to look in different places etc.

Link to comment

OK... I'm going to be very careful about how much of the hack I give away... because I know countless noobs that will just copy-paste it... Basically, any site using PayPal has a form that it posts (sends) to PayPal's PHP script that does billing. In the form, there are things like price, currency, and payment recurrences. One could perform a "javascript injection" through the browser's own JavaScript ability by, for example, typing

java script:"command"
and then putting the command into it that you want executed. Now, the exact commands you need to figure out (or google for, you'll find them), but if you do it right, say 5 dollars a month can become .01 YEN every 5 years. Just don't do it on big sites, cuz that's bank fraud, and here in the USA that's federal prison with Bubba
Link to comment

It just so happens that I'm familiar with the PayPal payment method (they have some decent documentation on it on the site as well).

What happens is that you send off the customer to the PayPal site to perform the payment. You must configure PayPal with a callback URL that it will call on completion of the transaction to notify you that the customer did in fact pay. In this callback all those fields you mention are present. You are then required to post back these fields to PayPal, and only consider the transaction successfully processed if you get a response that has the word VERIFIED in it somewhere.

So, for starters, PayPal calls you on a page that you're supposed to hide on your site since only PayPal is going to use it. I.e. good luck finding it.

On top of that, this script can test the IP of the calling machine, and deny everything if it's not one of PayPal's. And finally, this is how the business is informed that something has been paid for, and includes a field that the business can fill in on its own (unique transaction ID or some such) which you shouldn't be able to guess.

I don't see where the hack would be. You can't find where to poke, and it's trivial to detect the poking.

Link to comment
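The server-side checks described in the post above, as an added Python example that is not part of the original thread and not PayPal's own code. The field names (`payment_status`, `custom`, `mc_gross`, `mc_currency`, `txn_id`) are assumed PayPal IPN variable names, and the order store and the `postback` callable are hypothetical stand-ins so the check runs offline.

```python
from decimal import Decimal

# Constructed order store: what the shop itself recorded at checkout time.
ORDERS = {"ord-7f3a91": {"amount": Decimal("5.00"), "currency": "USD", "paid": False}}
SEEN_TXNS = set()


def check_ipn(fields, postback, orders=ORDERS, seen=SEEN_TXNS):
    """Return (accepted, reason) for one callback.

    fields   -- dict of form fields received on the callback URL
    postback -- callable that posts the fields back to the payment provider
                and returns the reply body (injected here, hypothetical)
    """
    # 1. Nothing in the callback is trusted until the provider confirms it.
    #    Exact match is stricter than "contains the word VERIFIED".
    if postback(fields).strip() != "VERIFIED":
        return False, "postback not VERIFIED"
    if fields.get("payment_status") != "Completed":
        return False, "payment not completed"
    # 2. The business-supplied ID must map to an order we created ourselves.
    order = orders.get(fields.get("custom", ""))
    if order is None:
        return False, "unknown order id"
    # 3. Price and currency come from our records, never from the browser form.
    try:
        paid = Decimal(fields.get("mc_gross", ""))
    except ArithmeticError:  # decimal.InvalidOperation is a subclass
        return False, "bad amount"
    if (not paid.is_finite() or paid != order["amount"]
            or fields.get("mc_currency") != order["currency"]):
        return False, "amount or currency mismatch"
    # 4. A provider transaction may settle an order only once (replay check).
    txn = fields.get("txn_id")
    if not txn or txn in seen or order["paid"]:
        return False, "duplicate or missing transaction"
    seen.add(txn)
    order["paid"] = True
    return True, "ok"
```

A form whose price or currency was edited in the browser fails at step 3 even when the provider reports the payment as genuine, because the comparison uses the shop's stored order rather than the submitted fields.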

lol, if u didn't understand what he meant then u really are a complete noob :P

but still

java script:alert(document.cookie) will show you the cookies on the site

then to edit the cookies

java script:void(document.cookie="userid=ICP")

then to view them do the alert 1 again :p

any site that this is useful for deserves to get hacked...

Link to comment

Dude, please. You're killing me.

Read the first post in this thread (hell, read all of it, but AT LEAST the first post), and follow the links in it:

http://www.hak5.org/forums/viewtopic.php?t=913

Read those pages as well. And I don't mean read as in 'gaze over it, get bored and move to the next'. I mean REALLY read. Don't learn the words, try to understand what is happening.

As fun as hacking a website might be, understand that the people who made the websites typically put quite a bit of thought into it, and because of this finding a way to hack them will be HARD. If the site is higher profile (Microsoft, financial institutions, ISPs) expect them to have REALLY put some SERIOUSLY smart folks to work on their sites. To get a hack there, you'll have to outsmart them. And if you think that will be easy, well, you've got even more to learn than we already know you do.

Good luck!

Link to comment