15

A checkout application where, in the confirmation screen, everything (amount, references, currency, quantity of items, etc.) was sent to the client as a form, and they submitted this form to confirm.

...but there was no verification on any of the above. So any of the above could be changed and it'd collect whatever funds, and order whatever items, with whatever references you gave it.

This wasn't a major player in the space, but was big enough that most people would likely have heard of at least some companies using it. It's still being actively used today, and I can near guarantee not all the flaws have been fixed.
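An added example, not part of the original post and not the application's code: a confirmation handler that charges whatever the form contains, beside one that seals the form with an HMAC when it is issued and recomputes the amount server-side on submit. The field names, `SECRET`, `CATALOGUE` and all function names are hypothetical, and the sample order is constructed.

```python
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"            # assumption: secret held only by the server
CATALOGUE = {"SKU-1": 1999, "SKU-2": 500}   # constructed prices, in minor units
FIELDS = ("order_ref", "currency", "items", "amount")

def _mac(form):
    # Canonical JSON over the fields that decide what is charged and shipped.
    payload = json.dumps({k: form[k] for k in FIELDS}, sort_keys=True,
                         separators=(",", ":")).encode()
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def build_confirmation(order_ref, currency, items):
    """Server builds the confirmation form from its own prices and seals it."""
    amount = sum(CATALOGUE[sku] * qty for sku, qty in items.items())
    form = {"order_ref": order_ref, "currency": currency,
            "items": items, "amount": amount}
    form["mac"] = _mac(form)
    return form

def confirm_vulnerable(form):
    # Behaviour described in the post: charge whatever the client sent back.
    return {"charge": form["amount"], "currency": form["currency"],
            "order_ref": form["order_ref"], "items": form["items"]}

def confirm_hardened(form):
    # Reject the submission unless every sealed field is present and unmodified.
    if not all(k in form for k in FIELDS):
        raise ValueError("incomplete confirmation form")
    sent = str(form.get("mac", "")).encode()
    if not hmac.compare_digest(_mac(form).encode(), sent):
        raise ValueError("confirmation form was modified")
    # Defence in depth: the charge is recomputed, never read from the client.
    amount = sum(CATALOGUE[sku] * qty for sku, qty in form["items"].items())
    return {"charge": amount, "currency": form["currency"],
            "order_ref": form["order_ref"], "items": form["items"]}

if __name__ == "__main__":
    form = build_confirmation("ORD-1001", "EUR", {"SKU-1": 2, "SKU-2": 1})
    tampered = dict(form, amount=1)          # client edits the amount field
    print(confirm_vulnerable(tampered))      # accepted as submitted
    try:
        confirm_hardened(tampered)
    except ValueError as exc:
        print("rejected:", exc)
```

A sealed form can still be resubmitted unchanged, so a real handler would also track whether an order reference has already been confirmed.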

Comments
  • 1
    This actually used to be rather common back when web forms were brand new.

    Like a fucking lifetime ago.