- This topic has 4 replies, 5 voices, and was last updated 10 years, 4 months ago by .
Viewing 5 posts - 1 through 5 (of 5 total)
Viewing 5 posts - 1 through 5 (of 5 total)
- You must be logged in to reply to this topic.
Support site for Tips and Tricks HQ premium products
by
Tips and Tricks HQ Support Portal › Forums › WP eStore Forum › WP eStore F.A.Q/Instructions › What happens if someone modifies the product price in an hacking attempt
Tagged: PayPal Hack
There is this old trick whereby someone tries to modify the prices shown on a webpage by injecting queries into the form but this trick doesn’t work on WP eStore.
WP eStore has post payment verification that checks the amount paid against the correct amount of the product stored in the database. So if someone dynamically changed the price on the webpage then the post payment verification of eStore will catch this and flag the transaction as a scam (no download links will be given to the customer for this payment).
More details on WP eStore’s post payment verification can be found here:
http://www.tipsandtricks-hq.com/ecommerce/wordpress-ecommerce-knowledgebase-523#payment-verification
I am sure the scammer won’t make a noise about it as they know that they were trying to steal, so you get to keep the money they paid too
So in summary, the post payment verification of eStore will fail if anyone tampers with the data and eStore won’t update the database. WP eStore will automatically detect this tampering and send you (the admin) an email when this happens (with some details) so you can investigate this further.
This should be added somewhere on your features list if it isn’t already. A great selling point.
Well, something else happened then. Someone found a security hole in Paypal and told me as much. This is the Google translator version from the French:
A flaw in the paypal payment mode that allows change the price of an order given by altering brief must change the mode of payment paypal on your site by another as ifthat is not secure. well worth a free pack? : 3 no … okay: p
So, there is a security hole somewhere.
There is no hole. Ignore emails like these (it is likely a scammer).
@jgroup — Every few years, like clockwork, this question comes up:
https://support.tipsandtricks-hq.com/forums/topic/security-vulnerability