[Owasp-leaders] opinion regarding issue found in major email provider

Daniel Harvey daniel.harvey at owasp.org
Thu Aug 27 13:57:34 UTC 2015


How about CWE-489?
On Aug 27, 2015 9:49 AM, "johanna curiel curiel" <johanna.curiel at owasp.org>
wrote:

> Hi all
>
> I would like to have your opinion on an issue I found during a bug hunting
> activity.
>
> A major email provider has their own store for selling branded t-shirts,
> pens, etc.
>
> I attempted to buy using a test credit card number. I was able to get a
> confirmation and final transaction with a value of USD2000.
>
> When I reported the issue, they mentioned to me they did not consider this
> as a vulnerability. I have always understood that deploying to production
> should not contain test data that attackers could use to bypass the system.
>
> What kind of vulnerability can this be considered if we can consider it a
> vulnerability?
>
> regards
>
> Johanna
>