TITLE:
PHP Toolkit for PayPal Payment Bypass and Exposure of Transactions

SECUNIA ADVISORY ID:
SA18444

VERIFY ADVISORY:
http://secunia.com/advisories/18444/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
PHP Toolkit for PayPal 0.x
http://secunia.com/product/6809/

DESCRIPTION:
.cens has reported two security issues in PHP Toolkit for PayPal, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.

1) The problem is that payment information is stored insecurely in log files in the "logs" directory inside the web root. This can be exploited to disclose certain transaction data.

2) The problem is that the "ipn_success.php" script does not properly verify the origin of payment information. This can be exploited to write a successful payment to the "logs/ipn_success.txt" log file even when no payment via PayPal has occurred.

The security issues have been reported in version 0.50. Other versions may also be affected.

SOLUTION:
Restrict web access to the "logs" directory and edit the source code to ensure that payments are performed securely.

PROVIDED AND/OR DISCOVERED BY:
.cens, uinC Team

ORIGINAL ADVISORY:
http://www.uinc.ru/articles/vuln/ptpaypal050.shtml

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.
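The SOLUTION section asks for two things: keep the transaction log out of reach of the web server, and make the IPN handler confirm that a notification really came from PayPal before it records a payment. The handler below is an added example written for this page; it is not code from the advisory, from Secunia, or from PHP Toolkit for PayPal. It follows the PayPal IPN verification scheme as documented by PayPal (post the notification back to the IPN endpoint with `cmd=_notify-validate` and accept only a `VERIFIED` reply). The endpoint URL, the field names (`txn_id`, `receiver_email`, `mc_gross`, `mc_currency`, `payment_status`), the merchant e-mail, the expected price and the log path are assumptions and placeholders, not values taken from the advisory.

```php
<?php
// Added example, not part of the advisory or of PHP Toolkit for PayPal.
// Hardened replacement for an "ipn_success.php"-style handler.
declare(strict_types=1);

// PayPal's IPN validation endpoint (from PayPal's IPN documentation; the
// sandbox host is ipnpb.sandbox.paypal.com). Assumption, not from the advisory.
define('PAYPAL_IPN_URL', 'https://ipnpb.paypal.com/cgi-bin/webscr');
// Placeholder merchant values: what this shop expects a real payment to look like.
define('MERCHANT_EMAIL', 'merchant@example.com');
define('EXPECTED_AMOUNT', '9.99');
define('EXPECTED_CURRENCY', 'USD');
// Issue 1: log outside the document root so the web server can never serve it.
// (Toolkit stored it in "logs/" inside the web root.) Path is a placeholder.
define('LOG_DIR', __DIR__ . '/../private/ipn-logs');

/**
 * Issue 2: ask PayPal whether it actually sent this notification.
 * The raw POST body is echoed back unchanged, prefixed with the validate command;
 * only an exact "VERIFIED" reply over a certificate-checked TLS connection counts.
 */
function paypalIpnIsVerified(string $rawPostBody, string $endpoint = PAYPAL_IPN_URL): bool
{
    $ch = curl_init($endpoint);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $rawPostBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // a forged "PayPal" must not pass
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 30,
        CURLOPT_HTTPHEADER     => ['Connection: Close'],
    ]);
    $response = curl_exec($ch);
    $status   = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    return $response !== false && $status === 200 && trim((string) $response) === 'VERIFIED';
}

/** True if this txn_id already appears in the log (a VERIFIED message can still be a replay). */
function txnAlreadyLogged(string $logDir, string $txnId): bool
{
    $file = $logDir . '/ipn_success.txt';
    if ($txnId === '' || !is_file($file)) {
        return true === ($txnId === ''); // an empty txn_id is never acceptable
    }
    foreach (file($file, FILE_IGNORE_NEW_LINES) as $line) {
        if (explode("\t", $line)[1] === $txnId) {
            return true;
        }
    }
    return false;
}

/** Business checks PayPal cannot do for you: paid to us, correct amount, completed, not seen before. */
function paymentMatchesOrder(array $ipn, string $logDir): bool
{
    return ($ipn['payment_status'] ?? '') === 'Completed'
        && strcasecmp($ipn['receiver_email'] ?? '', MERCHANT_EMAIL) === 0
        && ($ipn['mc_currency'] ?? '') === EXPECTED_CURRENCY
        && ($ipn['mc_gross'] ?? '') === EXPECTED_AMOUNT
        && !txnAlreadyLogged($logDir, (string) ($ipn['txn_id'] ?? ''));
}

/** Append only the fields reconciliation needs; no payer name or address ends up on disk. */
function appendTransactionLog(string $logDir, array $ipn): void
{
    if (!is_dir($logDir) && !mkdir($logDir, 0700, true)) {
        throw new RuntimeException('cannot create IPN log directory');
    }
    $line = sprintf("%s\t%s\t%s %s\t%s\n", date('c'), $ipn['txn_id'],
        $ipn['mc_gross'], $ipn['mc_currency'], $ipn['payment_status']);
    file_put_contents($logDir . '/ipn_success.txt', $line, FILE_APPEND | LOCK_EX);
}

// Request handling: the vulnerable pattern logged a success on any POST it received.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $raw = (string) file_get_contents('php://input');
    parse_str($raw, $ipn);
    if (paypalIpnIsVerified($raw) && paymentMatchesOrder($ipn, LOG_DIR)) {
        appendTransactionLog(LOG_DIR, $ipn);
    }
    http_response_code(200); // acknowledge so PayPal stops retrying; never reveal why a message was rejected
}
```

Two design points matter here. The origin check alone is not enough: a message PayPal confirms as VERIFIED may still be a payment to a different merchant, for a different amount, or a replay of an earlier notification, which is why `paymentMatchesOrder` checks receiver, amount, currency, status and `txn_id` uniqueness before anything is written. And moving the log out of the document root fixes issue 1 regardless of web-server configuration; if the directory must stay where it is, a server-level deny rule on `logs/` is the minimum the advisory's SOLUTION calls for.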