Jump to content

 

d2event

Member Since 30 Jan 2008
Offline Last Active Jun 10 2016 08:05 AM
-----

Posts I've Made

In Topic: language translating option for 2.0.3

10 May 2009 - 05:03 PM

Thx for help, but I have found this myself :]

In Topic: Multiple language in .tpl files

25 January 2009 - 10:05 PM

Ok nevermind I will do it like here:
http://kb.cs-cart.co...ent-information

I forgot about it, sorry :)

In Topic: how to turn off notifications?

25 January 2009 - 05:42 PM

How about removing the email addys in settings?

You mean by removing email in admin.php?target=settings§ion_id=Company (Order department e-mail address)?
No, when customer place an order he will get an error on page.

Problem resolved, thank you mdekok3000 for help :)

In Topic: Image directory depending on language

24 January 2009 - 07:56 PM

Thank you its working :) Very simple :D

In Topic: Paypal exploit !

04 January 2009 - 02:55 PM

Hello.

I've encountered today an exploit that worries me. A "customer" has placed an order of 184 USD but the payment received via Paypal was 0.01 USD

First i thought that the user made have placed an order but he would not finalize it and then send via Paypal a small payment to try to trick me in thinking he paid for that order.

This is not the case. The order was recorded by the cart as being processed (email was sent also). This means that the buyer did placed the order via the shopping cart redirect. Else the order should have had an open status.

I also know that after being redirected to Paypal, the buyer can't change the value that he has to pay.

In the order processed email received from my cs-cart installation (1.3.5 sp2) the cart content is normal but in the payment-received-email from paypal one item is "worth" 0.01 and all others 0.00.

I've also emailed paypal but i would also appreciate your help.

Has anyone encounter this before ? If yes, what can be done.

How was this possible ?


I use cs cart 1.3.5 sp4

I had same order with this bug, Its paypal module exploit , not paypal exploit. I have another store with different script and I never had such bug!

I always deliver products without loggin on paypal (I use API only) - scammer found way to pay 0.01 USD and change status to paid.