Prevent execution of payment.php using URL?


Recommended Posts

I just discovered that someone can execute the following and generate a false alert on any PrestaShop store with the PayPal module installed:

http://mysite.com/modules/paypal/express_checkout/payment.php?quantity=1%29%20AND%20%286211=6211&id_p_attr=1&bn=FR_PRESTASHOP_H3S&id_product=24&current_shop_url=http:/www.mysite.com/anyproduct/product123.html&express_checkout=product

Try it yourself on your store: substitute your own site for mysite.com and any product page on your site for anyproduct/product123.html.

Not sure if we can prevent this, or if this is something to be improved in the PrestaShop PayPal module?
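One way a store owner can at least detect requests like the one above, and the check a hardened endpoint would apply before doing anything with the parameters, is strict allow-list validation of every query parameter: the integer fields must be plain positive integers, `express_checkout` must be one of a few known values, and `current_shop_url` must point at the shop's own host. The script below is an added example written for this thread; it is not code from the original post or from the PrestaShop PayPal module. The shop hostname, the set of allowed `express_checkout` values, the function names and the sample access-log lines are all assumptions constructed for the example; the parameter names come from the URL in the post.

```python
"""Strict validation of express-checkout query parameters, plus a scan of
access-log lines for requests that fail it.

Constructed defensive example for the forum thread above; not PrestaShop
or PayPal module code.
"""
from urllib.parse import parse_qs, urlsplit

# Assumptions for this example (adjust to the real store).
SHOP_HOST = "www.mysite.com"              # the store's own hostname
INT_PARAMS = ("quantity", "id_product", "id_p_attr")
ALLOWED_MODES = {"product", "cart"}       # assumed legal express_checkout values
ENDPOINT = "/modules/paypal/express_checkout/payment.php"


def _is_positive_int(value: str) -> bool:
    # Digits only: rejects "1) AND (6211=6211", "1.0", "-1", " 1" and "".
    return value.isdigit() and int(value) > 0


def validate_checkout_query(query: str) -> dict:
    """Return {parameter: reason} for each parameter that fails validation.

    An empty dict means every expected parameter is well-formed.
    parse_qs percent-decodes values, so "%29%20AND" is seen as ") AND".
    """
    params = parse_qs(query, keep_blank_values=True)
    problems = {}

    for name in INT_PARAMS:
        values = params.get(name, [])
        if len(values) != 1:
            problems[name] = "missing or repeated"
        elif not _is_positive_int(values[0]):
            problems[name] = f"not a positive integer: {values[0]!r}"

    modes = params.get("express_checkout", [])
    if len(modes) != 1 or modes[0] not in ALLOWED_MODES:
        problems["express_checkout"] = "unexpected value"

    urls = params.get("current_shop_url", [])
    if len(urls) != 1:
        problems["current_shop_url"] = "missing or repeated"
    else:
        parts = urlsplit(urls[0])
        # A malformed URL such as "http:/www.mysite.com/..." has no netloc
        # at all, so it fails here just like a foreign host would.
        if parts.scheme not in ("http", "https") or parts.netloc.lower() != SHOP_HOST:
            problems["current_shop_url"] = f"host is not the shop: {parts.netloc!r}"

    return problems


def flag_suspicious_requests(log_lines, endpoint: str = ENDPOINT):
    """Scan common-log-format lines; return (line_no, problems) for each
    request to `endpoint` whose query string fails validation."""
    flagged = []
    for line_no, line in enumerate(log_lines, 1):
        # The request field is the quoted 'METHOD /path?query HTTP/x.y'.
        try:
            request = line.split('"')[1]
            target = request.split(" ")[1]
        except IndexError:
            continue  # not a well-formed log line
        parts = urlsplit(target)
        if parts.path != endpoint:
            continue
        problems = validate_checkout_query(parts.query)
        if problems:
            flagged.append((line_no, problems))
    return flagged


# Constructed sample log lines: one normal checkout request, the request
# from the forum post, and an unrelated product-page hit.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:12:00:01 +0000] "GET /modules/paypal/express_checkout/payment.php'
    '?quantity=1&id_p_attr=1&id_product=24&current_shop_url=http://www.mysite.com/anyproduct/product123.html'
    '&express_checkout=product HTTP/1.1" 200 0',
    '203.0.113.7 - - [10/Oct/2023:12:00:05 +0000] "GET /modules/paypal/express_checkout/payment.php'
    '?quantity=1%29%20AND%20%286211=6211&id_p_attr=1&bn=FR_PRESTASHOP_H3S&id_product=24'
    '&current_shop_url=http:/www.mysite.com/anyproduct/product123.html&express_checkout=product HTTP/1.1" 200 0',
    '203.0.113.9 - - [10/Oct/2023:12:00:09 +0000] "GET /index.php?id_product=24&controller=product HTTP/1.1" 200 5120',
]


if __name__ == "__main__":
    for line_no, problems in flag_suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: {problems}")
```

Run as a script it reports only the second sample line, naming both the non-numeric `quantity` value and the malformed `current_shop_url`. The same `validate_checkout_query` logic, ported to the module, is the check that would let the endpoint reject such a request before it reaches the database or the PayPal API, which is what the question about preventing it comes down to.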
