IT Community Malaysia

Post Info TOPIC: Crazy Hacker 1 - Hacking PayPal


Smasher Hax

Crazy Hacker 1 - Hacking PayPal
 


#Note: This note is made up just for security testing only.

Let's get started!

 

In hacking, we have many ways to hack money from commerce sites, such as SQL Injection, HTML Injection, Cookies Cracker and more!

In this tutorial, I'll show you just the "key".

 

If you are making sales online and offering a subscription, and people want to pay for it using a commerce site such as PayPal, then PayPal will make it easy. Using IPN, your web server, and your online database, you can easily create an entirely automated system. This means that while you are making your sales, at the same time you are making some mess there; that is, you are phishing their information. Now, what you are going to need are these 4 things:

 

1. A subscribe button.

2. An online database that includes a subscriber table.

3. An IPN script to keep tabs on new, renewed and expired subscriptions.

4. Dynamic pages that check a visitor's status before allowing access.

 

Creating The Subscribe Button

The subscribe button for your website can come straight from PayPal's button generator on the Merchant Tools page (log into PayPal and click the Merchant Tools tab). This example (created without encryption) should look familiar if you have created any unencrypted Buy Now or Donate Now buttons. The variables a3, p3, and t3 set the amount, period and time unit of the subscription, respectively:

 

Subbutt.jpg

Setting up your Database

Your database table can be simple. A single table needs data about email, id and password. The example is as above.

tblenames.jpg

 

Processing Subscriber Notifications

You need to handle two kinds of notification from PayPal: the addition of new subscribers to your database when they sign up and the removal of subscribers whose subscriptions lapse or are canceled. Here is the snippet of ASP that does this (see the "Database Coding and Platform Choices" section of the preface for database considerations):

ipn.jpg

Don't forget to turn on IPN in your PayPal account and point it at your IPN processing script.

 

Controlling Access to your valued Content

Now you have a list of valid subscribers that is automatically updated by PayPal through your IPN script. Next, you’ll need to make use of this information by ensuring that visitors to your site are on the current subscriber list. In this example, all the members-only pages are dynamic ASP pages. The first thing the code does is check that the user is properly logged in. If not, the premium content is not displayed and the user is redirected to a Sign In page. You know the user is signed in if the magic cookie has been set.

magiccookie.jpg

The Sign In page simply asks for the user’s email address and password. If this information shows the visitor is a valid subscriber, a cookie is set on the user’s browser. The cookie contains the magic word that allows your subscribers access. Without this cookie, set to the proper magic word, no one can access subscriber-only content.

signin.jpg

Your page, login.asp, should contain an HTML form that asks for each customer’s email address and password. Its data is posted to sign_in.asp.

 

Hacking the HaCK

This example is purposefully simplistic. If the cookie is always the same, all a nonsubscriber needs to do to gain access is manually set the browser’s cookies to include your magic word. In practice, you will want to change your magic cookie daily. Users will need to visit the Sign In screen each day and provide their email address and password to get that day’s magic cookie. Better yet, use a one-way encryption algorithm to create a unique cookie each day for each subscriber.

 

By, Cr4z13r Hacking

This is just for security testing only!

 

#Hopefully I typed the code correctly. Trust me, if you don't do this but you have your own sales page, I think it is enough to make money. Coming soon: Social Engineering on How to Influence People!



-- Edited by Call me if you in trouble on Thursday 19th of September 2013 11:39:24 AM

__________________

I am Sharper

ITC - Internet Moderators

Mods Name: KA
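
The "Hacking the HaCK" paragraph in the post above recommends replacing the shared magic word with a unique cookie per subscriber per day. The following is an added example, not code from the original post: it uses HMAC-SHA256 as the one-way function, and the secret, the subscriber set and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import date

# Assumption: random secret kept only on the server (constructed demo value).
SERVER_SECRET = b"constructed-demo-secret"
# Constructed sample of the subscriber table that the IPN script maintains.
SUBSCRIBERS = {"alice@example.com", "bob@example.com"}


def _tag(email: str, day: date, secret: bytes) -> str:
    """HMAC-SHA256 over subscriber and day; cannot be computed without the secret."""
    msg = f"{email}|{day.isoformat()}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def make_cookie(email: str, day: date, secret: bytes = SERVER_SECRET) -> str:
    """Value set by the Sign In page after the password check succeeds."""
    email = email.strip().lower()
    return f"{email}|{day.isoformat()}|{_tag(email, day, secret)}"


def verify_cookie(cookie: str, today: date, secret: bytes = SERVER_SECRET) -> bool:
    """Check run at the top of every members-only page."""
    parts = cookie.rsplit("|", 2)
    if len(parts) != 3:
        return False  # e.g. a bare shared magic word
    email, day_str, tag = parts
    if day_str != today.isoformat():
        return False  # yesterday's cookie no longer works
    if not hmac.compare_digest(tag.encode(), _tag(email, today, secret).encode()):
        return False  # forged, or copied and edited for another user
    return email in SUBSCRIBERS  # lapsed or cancelled accounts lose access


if __name__ == "__main__":
    today = date(2013, 9, 19)
    cookie = make_cookie("Alice@example.com", today)
    print(verify_cookie(cookie, today))       # genuine cookie for today
    print(verify_cookie("magicword", today))  # static magic word is rejected
```

Checking the subscriber table on every request means an account removed by the IPN script loses access immediately, even while its cookie for the day is still valid.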
