phpCoupon Remote Payment-Bypass Vulnerability - exploit.company
Vendor: phpCoupon
By:
CVSS: 5.5 (MEDIUM)
CWE: Remote Payment-Bypass
Product Name: phpCoupon
Patch Exists: NO

phpCoupon Remote Payment-Bypass Vulnerability

The phpCoupon application fails to properly secure PayPal payment transactions, allowing remote attackers to perform payment transactions without actually paying money and obtain services for free. An example URI demonstrating this issue is: http://www.example.com/path/user.php?REQ=auth&billing=141&status=success&custom=upgrade5

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25116/info

phpCoupon is prone to a remote payment-bypass vulnerability because the application fails to properly secure PayPal payment transactions.

Successfully exploiting this issue allows remote attackers to perform payment transactions in the application without actually paying money. This allows them to obtain services for free. 

The following URI demonstrates this issue:

http://www.example.com/path/user.php?REQ=auth&billing=141&status=success&custom=upgrade5

The '141' and the 'upgrade5' values may vary from installation to installation.
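
To check web server logs for requests shaped like the URI above, the following added example (not part of the original advisory and not phpCoupon code) scans access log lines for requests to user.php that carry REQ=auth and status=success, whatever the billing and custom values are. The combined log format, the sample lines and the function name are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<code>\d{3})'
)

# Constructed sample lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /path/user.php?REQ=auth&billing=141&status=success&custom=upgrade5 HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "GET /path/user.php?status=success&custom=upgrade2&REQ=auth&billing=77 HTTP/1.1" 200 512',
    '198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "GET /path/user.php?REQ=auth&billing=141&status=cancel HTTP/1.1" 200 300',
    '198.51.100.4 - - [12/Mar/2024:10:03:00 +0000] "GET /path/index.php?status=success HTTP/1.1" 200 300',
    '192.0.2.9 - - [12/Mar/2024:10:04:00 +0000] "GET /path/user.php?REQ=auth&billing=9&status=succ%65ss&custom=upgrade1 HTTP/1.1" 200 512',
]


def payment_bypass_hits(lines):
    """Return one dict per request that asserts a successful payment in its own query string."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/user.php"):
            continue
        # parse_qs percent-decodes values and ignores parameter order;
        # keep the last value seen for each key.
        query = {k: v[-1] for k, v in parse_qs(url.query, keep_blank_values=True).items()}
        if query.get("REQ") == "auth" and query.get("status") == "success":
            hits.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "http_status": int(m.group("code")),
                "billing": query.get("billing"),
                "custom": query.get("custom"),
            })
    return hits


if __name__ == "__main__":
    for hit in payment_bypass_hits(SAMPLE_LOG):
        print(hit)
```

Each hit is a lead to reconcile against the merchant's PayPal transaction records, since the log alone does not show whether money was received.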