Home > Cyber Security > CEH- (Cerified Ethical Hacker) > PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter as demonstrated by purchasing an item for lower than the intended price-CVE-2019-14979

PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter as demonstrated by purchasing an item for lower than the intended price-CVE-2019-14979

cve-2019-14979-vikas-chaudhary

#  Exploit Title: cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price
#  Date: 09.08.2019
#  Product Title :Woocommerce Paypal Checkout gateway Plugin
#  Vendor Homepage: https://wordpress.org
#  Software Link : https://wordpress.org/plugins/woocommerce-gateway-paypal-express-checkout/
#  Category: Web Applications Plugin (WordPress)
#  Version: 1.6.17
#  Active installations: 700,000+
# Exploit Author: Vikas Chaudhary
#  Contact: https://gkaim.com/contact-us/
#  Web: https://gkaim.com/
#  Tested on: Windows 10 -Firefox .
# CVE-2019-14979.
*****************************************************
##  VENDOR SUMMARY :- This is a PayPal Checkout Payment Gateway for WooCommerce.
PayPal Checkout allows you to securely sell your products and subscriptions online using In-Context Checkout to help you meet security requirements without causing your theme to suffer. In-Context Checkout uses a modal window, hosted on PayPalís servers, that overlays the checkout form and provides a secure means for your customers to enter their account information

##  Vulnerability Description => The Web Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control.
This attack can be performed by a malicious user who wants to exploit the application for their own benefit, or an attacker who wishes to attack a third-person using a Man-in-the-middle attack. In both cases, tools likes Webscarab and Paros proxy are mostly used.
__________________________________
Proof Of Concept:- PoC
1- Install Woocommerce Paypal checkout gateway plugin (1.6.17) in Remote.
2- Now fix a price of any product and configure it with this plguin.
3- Do checkout through paypal and capture the data through burp.
5- Here you will find post based request with amount parameter- Now Edit amount parameter as you want and forward it .
6- You will see a new price and you can purchase that product on your new edited price.

____________________________________

————-
Post REQUEST:-


———–
Post RESPONSE:-


———-


Summary
Article Name=>
PayPal Checkout Payment Gateway plugin Vulnerability
Description=>
PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter -CVE-2019-14979
Author=>
Publisher Name=>
www.gkaim.com
Admin
Welcome Sir, .. Myself Vikas Chaudhary , i was interested in general knowledge since childhood , so i thought why not to share my knowledge with you, that's why i created this educational blog. Here you find world wide general knowledge of all Latest technology , Science & History Que , and Mysterious fact of the world. Here you also find knowledge about cyber security. Thanks for visit.. keep supporting....keep Loving
https://www.gkaim.com

Leave a Reply

%d bloggers like this: