0

I use inline checkout. And in inline checkout data can be sent using the browser or through js like in the 2checkout demo (http://2checkout.com/demo). I was actually able to buy the Acme Subscription at 2checkout demo which is priced at $9.99 for $1.00. Here is what I did: I edited line 402 of cart.js to set li_#_price to "1.00". ANd that's it, I was able to buy the Acme subscription for $1.00. See the attached screenshots:enter image description hereenter image description here

Is there any fix for this?

Samar Rizvi
  • 300
  • 1
  • 9

1 Answers1

1

Cart.js is not included in any of our current checkout routines, it's there for the demo app specifically and we have other measures in place to protect against this in our production environment.

wtrmLn
  • 121
  • 1
  • 2
  • Hi, I also shall like to know about the measures to ensure that no one can fraudulently change the price in inline checkout. In short, I shall like to know, how should I use inline checkout at my domain, so that price cannot be changed during inline checkout. – Samar Rizvi Jul 28 '16 at 10:01
  • Please try integrating yourself if you wish to fully probe for this information (https://www.2checkout.com/documentation/checkout/inline-checkout), as I do not feel like openly discussing what security measures are in place to prevent this from happening. – wtrmLn Jul 28 '16 at 20:21
  • ok. But if am able to create the same scenario as above in my website integrated in 2checkout, I shall like to have a private discussion with you for how that can be prevented. – Samar Rizvi Aug 01 '16 at 12:03
  • Sure - You can email us at techsupport@2co.com regarding this matter. – wtrmLn Aug 01 '16 at 15:04