[TYPO3-commerce] *SECURITY ISSUE* possible Hack of paypal2ogone extension
Martin Holtz
typo3 at martinholtz.de
Wed Dec 12 23:10:56 CET 2007
Hi daTib,
ever read this sentence:
"Found a security problem? Please get in touch with us!
If you think you have found a security issue in TYPO3 or an extension,
please contact the TYPO3 security team! Thank you!"
it would has been nice, if i had some more time to fix this issue:)
Next time, ok;)
Since the extension is not in TER available, you can download it here:
http://www.martinholtz.de/index.php?id=208
> I guess it happens because paypal2commerce receives the data from the
> session... even if session has changed.
yep - now i check if the payment which is done via paypal is the same as the
payment which should be paid.
regards,
martin
--
TSConfig:
http://typo3.org/documentation/document-library/references/doc_core_tsconfig/current/view/
TSRef: http://wiki.typo3.org/index.php/De:TSref
http://wiki.typo3.org/index.php/User:Maholtz
http://www.martinholtz.de
More information about the TYPO3-project-commerce
mailing list