Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Hack Your Credit Card Company

from [phased] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Hack Your Credit Card Company
Date: Thu, 26 May 2005 00:03:27 +0400 

Why anyone would distribute pictures of themselves if they looked like you,
I do not know.

-----Original Message-----
From: Kristian Hermansen <khermansen@ht-technology.com>
To: full-disclosure@lists.grok.org.uk
Date: Wed, 25 May 2005 15:46:02 -0400
Subject: [Full-disclosure] Hack Your Credit Card Company


I have recently discovered some pretty common ways to bypass/override
credit card company online payment systems.  Many of the hacks I have
played around could result in a massive loss of income for the
companies.  I have added a simple page detailing how I did one of these
attacks on my own company.  You guys might be interested to know that
almost every consumer online payment system I have run into has such
issues.  The link below will walk you through a very simple scenario I
have played out in real-life, on a live system:

http://www.kristianhermansen.com/cchack/hack_gm.html

Credits go out to Jon Hermansen for a few details which helped with
further exploitations.
-- 
Kristian Hermansen <khermansen@ht-technology.com>

ATTACHMENT: application/pgp-signature ("signature.asc")

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] Hack Your Credit Card Company, Kristian Hermansen
Next by Date:  Re: [Full-disclosure] Not even the NSA can get it right, Valdis . Kletnieks
Previous by Thread:  [Full-disclosure] Hack Your Credit Card Company, Kristian Hermansen
Next by Thread:  [Full-disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : nwprint privilege escalation, please_reply_to_security
Indexes:  [Date] [Thread] [Top] [All Lists]