After watching the video that I’ve featured to the right, I decided I was going to try to hack a buddy’s website. I told him what I was going to do and he gave me the go ahead. It would’ve been much more fun to do it without asking. Just like in the video, I copied his html for the web page; changed the values from the original price to $0.01; opened the new page in my browser; and clicked on the Buy Now button. Sure enough, the price was now a penny - a savings of $12.98. I made the payment and, less than a minute later, received the download link to his product.

He tried the same to me but I had Payloadz’s price checking feature turned on so that product delivery to him did not occur. I told him that I thought it would be funny to buy his product for a penny; send him a bunch of emails complaining about the product; and then request a refund for the full price.
Creative Commons License photo credit: gutter

I did some searching to see if I could force an echeck on him but it doesn’t appear that that is controlled in the Buy Now button code. I was able to change some of the code and deactivate his product delivery system (at least for my order alone). Anyhow, it was a good lesson in being aware of what’s out there so you don’t lose a few sales to thieves.

There are still several problems with the hack. If the hacker pays with his paypal account or credit card, he has divulged his identity. Who’s going to ship a product if they only receive payment of a penny? It appears the hacker would have to steal someone’s credit card to pull it off and remain anonymous but what’s the point? He’d only be doing a favor to the cardholder by charging a penny per product. I wouldn’t even dignify this little trick by calling it a hack. It’s pretty brainless. In the end, it’s a good argument for encrypting your Buy Now buttons.

Popularity: 50% [?]

You Should Also Check Out This Post:

More Active Posts: