Follow us on Twitter!
Society leans ever heavily on computers, if you have the power to take out computers you can take out society. - cubeman372
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 24
Guests Online: 21
Members Online: 3

Registered Members: 82839
Newest Member: fezphantom
Latest Articles
View Thread

HellBound Hackers | HellBound Hackers | Questions

Author

HBH Con v2 vuln...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-03-07 20:13
Well, I was looking on buying a ticket, and noticed that there was a paypal button on the description page...I viewed the source, and saw in that the amount was right there in javascript. I used a javascript injection (javascript:void(document.forms[0].amount.value=".01"WinkWinkto change the 15 to 1 cent...then i clicked the paypal button, and the total amount said .01.


Not sure if you meant to do that, or if I am just stupid..but I am just letting you know...


Author

RE: HBH Con v2 vuln...

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 02-03-07 20:22
True, but I don't think they'll give you a ticket if you don't pay the full price Wink


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: HBH Con v2 vuln...

SySTeM
Member

Your avatar

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 02-03-07 21:42
This isn't really a vuln to be honest, plus it was originally found in the exclusive membersip page Pfft


img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png

http://www.elites0ft.com/
Author

RE: HBH Con v2 vuln...

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 02-03-07 22:57
yep, and if i get payments for less than its priced, i reject the payment.

so isnt really a vunerbility, but well done for working it out anyways.:ninja:


http://www.hellboundhackers.org/
Author

RE: HBH Con v2 vuln...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-03-07 00:27
It's not a vulnerability on HBH, because there's not a huge mass of orders or anything, so each payment is easily checkable. But Yahoo! has the same vulnerability with GeoCities (the paid packages). My firend used one for nearly free for about 2 months, but wussed out (ok, I would've done the same) and quit.

P.S. - He never got caught Pfft


Author

RE: HBH Con v2 vuln...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-03-07 00:27
Ahh well...at least I found it xD