dongyan1974 2019-04-15 08:29
浏览 87
已采纳

Prestashop 1.6退房时的金额篡改

I have a shopping cart built in Prestashop 1.6 and I have integrated HDFC Payment Gateway in it . After an security audit the bank told me "The test found one high-risk vulnerability (i.e. Amount Tampering)". Resolution- Kindly maintain the session.

I had not coded anything as Prestashop 1.6 is in built CMS and neither did i do anything with the HDFC payment gateway as they provided a pre built code from their end which is developed using Prestashop 1.6. I just installed the module from backend.

The Problem

  1. Added one item to the cart and checked out. (eg - 400 USD)
  2. On the 3rd party hdfc payment gateway page i didn't process with the payment.
  3. Opened another tab and added few more items (eg - 400 USD + 300 USD)
  4. Now back to point 2 and i processed with the amount for 400 USD and paid.
  5. In my admin panel its showing paid for 400 USD + 300 USD and two items are bought by the customer .

I have no idea how to solve this Amount related issue.

I am a newbie in Prestashop and Payment Gateway Integration.

  • 写回答

1条回答 默认 最新

  • dtx3006 2019-04-15 17:19
    关注

    The best practice with payment processing is always to double-check that the amount sent back by the bank after the payment was processed is perfectly matching with the amount of the related shopping cart in your local (PrestaShop) database.

    Here's a simplified flow chart:

    PrestaShop / HDFC flow chart

    In case you do not have programming skills, I would suggest to kindly refer to the module's developer so he/she can address that security issue.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 乌班图ip地址配置及远程SSH
  • ¥15 怎么让点阵屏显示静态爱心,用keiluVision5写出让点阵屏显示静态爱心的代码,越快越好
  • ¥15 PSPICE制作一个加法器
  • ¥15 javaweb项目无法正常跳转
  • ¥15 VMBox虚拟机无法访问
  • ¥15 skd显示找不到头文件
  • ¥15 机器视觉中图片中长度与真实长度的关系
  • ¥15 fastreport table 怎么只让每页的最下面和最顶部有横线
  • ¥15 java 的protected权限 ,问题在注释里
  • ¥15 这个是哪里有问题啊?