71

The best I have seen and exploited was years ago with a web shop that allowed me to set my own check-out price by just inspecting the element and setting the desired price. It just happily advanced to the next step where they invoked the payment provider with my custom price. Unfortunately the shop doesn't exist anymore. I have encountered many more security leaks but this one was so easy and lucrative to exploit.

Comments
  • 0
    OMG xD
  • 1
    Wow! What an oversight!

    I know Steam let's you do this when purchasing store credit, but even then you're still just get the equivalent of what you pay for :P
  • 0
    What it should do then is take you all the way through and the last message would say:

    "You are now on Santa's naughty list, you will be charged double; ho ho ho"
Add Comment