
NARESH LAMGADE

Bypassing WhatsApp Subscription Payment

Author: Naresh LamGade
7th October, 2015
security


WhatsApp is an instant messaging app for smartphones: a cross-platform mobile messenger that lets you exchange messages without having to pay for SMS.

WhatsApp is free to download and try for the first year. After that, you have the option of extending your subscription for $0.99 USD per year. This vulnerability exists in WhatsApp's PayPal payment processing flow, which is not encrypted.

https://www.whatsapp.com/payments/paypal.php?phone=97798XXXXXXX&cksum=e39fe530c7c159b713b2f8765e6435b3&sku=1&lg=en&lc=US

Here sku=1 is for 1 year, sku=2 for 3 years and sku=3 for 5 years.

<form id="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<div>
<input type="hidden" name="custom" value="purchaser=97798XXXXXXX&amp;list=97798XXXXXXXX">
<input type="hidden" name="business" value="paypal@whatsapp.com">
<input type="hidden" name="item_name" value="One year of WhatsApp service for phone +977 981-7004791">
<input type="hidden" name="item_number" value="1">
<input type="hidden" name="amount" value="0.99">
<input type="hidden" name="invoice" value="519CC73F-2122-4282-B425-4F9EC56925A9">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="notify_url" value="http://p.whatsapp.net/pay_http:ebay_paypal">
<input type="hidden" name="return" value="https://www.whatsapp.com/payments/success.php">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="no_shipping" value="1">

With this vulnerability, any WhatsApp user could extend their subscription, even by 5 years, while paying as little as $0.01.
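The `amount` and `item_number` fields in the form above are supplied by the client, so the handler that receives PayPal's payment notification has to compare what was actually paid against its own price list before crediting any time. The sketch below is an added example, not WhatsApp's code: the `check_ipn` name, the 3- and 5-year prices and the sample notifications are assumptions, while the field names (`mc_gross`, `mc_currency`, `receiver_email`, `txn_id`) are PayPal's standard IPN variables.

```python
from decimal import Decimal, InvalidOperation

# Server-side price list keyed by SKU. 0.99 USD for one year is from the post;
# the 3- and 5-year prices are constructed placeholders.
CATALOG = {"1": Decimal("0.99"), "2": Decimal("2.50"), "3": Decimal("4.00")}
YEARS = {"1": 1, "2": 3, "3": 5}
RECEIVER = "paypal@whatsapp.com"  # the "business" value shown in the form

def check_ipn(ipn, issued_invoices, seen_txns):
    """Return (years_to_credit, reason); years_to_credit is 0 on rejection.

    Assumes the notification was already confirmed as genuine with PayPal
    (the cmd=_notify-validate postback), which is not shown here.
    issued_invoices maps invoice id -> SKU recorded when the form was rendered.
    """
    if ipn.get("payment_status") != "Completed":
        return 0, "payment not completed"
    if ipn.get("receiver_email", "").lower() != RECEIVER:
        return 0, "paid to a different account"
    txn = ipn.get("txn_id")
    if not txn or txn in seen_txns:
        return 0, "missing or duplicate transaction id"
    # Trust the SKU stored server-side for this invoice, not the posted one.
    sku = issued_invoices.get(ipn.get("invoice"))
    if sku not in CATALOG or sku != ipn.get("item_number"):
        return 0, "invoice/SKU mismatch"
    try:
        paid = Decimal(ipn.get("mc_gross", ""))
    except InvalidOperation:
        return 0, "unparseable amount"
    if ipn.get("mc_currency") != "USD" or paid != CATALOG[sku]:
        return 0, "amount does not match server-side price"
    seen_txns.add(txn)
    return YEARS[sku], "ok"

# Constructed sample notifications; the invoice id is the one shown in the form.
INVOICE = "519CC73F-2122-4282-B425-4F9EC56925A9"
ISSUED = {INVOICE: "1"}
GOOD = {"payment_status": "Completed", "receiver_email": RECEIVER,
        "txn_id": "TXN-EXAMPLE-1", "invoice": INVOICE, "item_number": "1",
        "mc_gross": "0.99", "mc_currency": "USD"}
# Form edited before submission: 5-year SKU with a 0.01 amount.
TAMPERED = dict(GOOD, txn_id="TXN-EXAMPLE-2", item_number="3", mc_gross="0.01")

if __name__ == "__main__":
    seen = set()
    for name, msg in (("good", GOOD), ("tampered", TAMPERED)):
        print(name, check_ipn(msg, ISSUED, seen))
```

The decisive detail is that both the SKU and the price come from server-side records keyed by the invoice id, so nothing in the browser-editable form decides how many years are credited.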

I reported this issue to the WhatsApp team, and their response was:

[Screenshot: response from WhatsApp]

Even though there was no reward for this, an extra free year of subscription was added to my account.
