Ask a question    Sign Up Sign In
  1. Home
  2. php - Exploit on HTTPS, how change https form value

963 votes
2 answers

php - Exploit on HTTPS, how change https form value

Get the solution ↓↓↓

Solution:

When the payment confirmation comes back from the gateway you should check that the actual amount paid matches the amount that should have been paid. Only then has the user paid. It's fine to post prices along with your form but it must always be checked upon completion.

233
votes

Answer

Solution:

If the pricing / discount information is hidden on the DOM (via hidden inputs, for example), manipulating the DOM using Chrome's "Developer's Toolbar" or Firefox's "Firebug" is trivial, allowing for any end user to make changes to those hidden inputs without reprieve.

Write your answer



785
votes

Answer

Solution:

Never trust the values that come on the form, the value must be always be set\validated on the server side. From what I gathered you are passing the value as a hidden field on the form, and the user is simply altering that.

Write your answer



Share solution ↓

Additional Information:
Link To Source
People are also looking for solutions of the problem: sqlstate[23000]: integrity constraint violation: 1452 cannot add or update a child row: a foreign key constraint fails

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Similar questions

Find the answer in similar questions on our website.

517 php - How to send multiple text field values to next pho page when the text field is created using while loop?
432 php - json parsing failed - cocoa error 3840 and invalid value around character 0
762 Changing a PHP value dynamically with Javascript
549 .htaccess - Disabled PHP for Single Directory with HTACCESS (PHP-FPM)
272 php - How can use querybuilder with Symfony formbuilder to join two entities?
341 php - Sort Multi-dimensional Array by Size Value
92 php - Search Form with One or More (Multiple) Parameters
638 php - Output formatting Year Month Number
958 phpoffice - How do I extract the text content from a word document with PHP?
468 How to get maximum key/values pair array from a associative array in PHP?

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.





About the technologies asked in this question

PHP

PHP (from the English Hypertext Preprocessor - hypertext preprocessor) is a scripting programming language for developing web applications. Supported by most hosting providers, it is one of the most popular tools for creating dynamic websites. The PHP scripting language has gained wide popularity due to its processing speed, simplicity, cross-platform, functionality and distribution of source codes under its own license.
https://www.php.net/

Welcome to programmierfrage.com

programmierfrage.com is a question and answer site for professional web developers, programming enthusiasts and website builders. Site created and operated by the community. Together with you, we create a free library of detailed answers to any question on programming, web development, website creation and website administration.

Get answers to specific questions

Ask about the real problem you are facing. Describe in detail what you are doing and what you want to achieve.

Help Others Solve Their Issues

Our goal is to create a strong community in which everyone will support each other. If you find a question and know the answer to it, help others with your knowledge.