[Owasp-leaders] opinion regarding issue found in major email provider

johanna curiel curiel johanna.curiel at owasp.org
Thu Aug 27 13:47:34 UTC 2015


Hi all

I would like to have your opinion on an issue I found during a bug hunting
activity.

A major email provider has their own store for selling branded t-shirts,
pens, etc.

I attempted to buy using a test credit card number. I was able to get a
confirmation and final transaction with a value of USD2000.

When I reported the issue, they mentioned to me they did not consider this
as a vulnerability. I have always understood that deploying to production
should not contain test data that attackers could use to bypass the system.

What kind of vulnerability can this be considered if we can consider it a
vulnerability?

regards

Johanna