possible hack

  • Resolved davidgimenez

    (@davidgimenez)


    1 year, 4 months ago

    How is it possible that a user tries to buy a downloadable product and is left pending and then with another email in the same account makes it possible for him to buy a product for x money at 0 price? That is the email [email protected] that he uses to make purchases with a card on the website for products for x money at 0 euros. I can’t explain how he gets it and I have no errors on my website. I use woocommerce with storefront

Viewing 5 replies - 1 through 5 (of 5 total)
  • Saif

    (@babylon1999)

    Hello @davidgimenez,

    Thank you for reaching out!

    Can you please provide step-by-step instructions on how to reproduce this?

    It would be great if you could also include a few screenshots. :?)

    Look forward to hearing back from you.

    Thread Starter davidgimenez

    (@davidgimenez)

    I don’t have more information or errors on how you could get to buy paid products totally free from what I could see. I tried to pay with a registered email and I was pending and with that email that I published I made the purchases for free when the products are from I don’t understand how I got it because I tested it on my website and I have mega security and I didn’t see any errors, it was some error on the part of woocommerce on the checkout page somehow it makes the products free to pay

    Saif

    (@babylon1999)

    I don’t have more information or errors on how you could get to buy paid products totally free from what I could see.

    If I understand this correctly, you’re able to download products before making a payment, essentially right after you place an order, correct?

    You can modify this by going to WooCommerce → Settings → Products → Downloadable Products.


    Link to image: https://d.pr/i/kEmxM0

    If that doesn’t seem to be the issue, could you kindly provide us with step-by-step instructions on how to recreate the problem? This way, we can try to replicate it on our end. For example:

    1. Create a downloadable product from All Products → Add new
    2. Adding a file with a specific name.
    3. Add the product to the cart and test the order using a certain payment gateway.
    4. And so on.

    Look forward to hearing back from you. :?)

    Thread Starter davidgimenez

    (@davidgimenez)

    I use the YITH WooCommerce Stripe Premium payment gateway and I tell the following I realized that a user tried to pay for a paid product but it remained pending after that the same user with that email that he provided without changing the initial email made a purchase with 0 dollar card when the product had a price. I looked for errors and carried out tests and I did not find anything. Somehow I cheated the payment system of the payment gateway and of woocommerce to buy at 0 euros when the product had a price.

    Howdy @davidgimenez ??

    possible hack

    nmaller.com appears to be a disposable email domain.

    I tried to pay with a registered email and I was pending and with that email that I published I made the purchases for free when the products are from I don’t understand how I got it because I tested it on my website and I have mega security and I didn’t see any errors, it was some error on the part of woocommerce on the checkout page somehow it makes the products free to pay

    Nevertheless, I understand you are able to reproduce this, with a different email address. Correct?

    I use the YITH WooCommerce Stripe Premium payment gateway

    Did you already have a chance to get in touch with the payment gateway’s support channel regarding this?

    Furthermore, are you able to reproduce this with one of the WooCommerce core payment options, or otherwise?

    I trust that points you in the right direction, but if you have more questions, let us know.

    We’re happy to help.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘possible hack’ is closed to new replies.