Drupal Commerce

Paying less for more in Drupal Commerce through the Authorize.Net SIM/DPM

In this article I am going to show you how to cheat Drupal Commerce. I will make two orders: one for $1000 and another for $30. Due to weaknesses in the Authorize.Net SIM/DPM and the way the Commerce Authnet SIM/DPM module processes payments, I will be able to pay $30 for a $1000 order. All I need is a modern browser with an HTML Inspector.

Hacking a Drupal Commerce site that accepts payments through the Authorize.Net SIM

At one of my previous jobs we had a client whose organisation was crazy about the security of customer data, such as credit card numbers or billing info. They wanted to make their online store PCI compliant. The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide standard that was created to increase controls around cardholder data in order to reduce credit card fraud resulting from its exposure. However, it does not mean that this standard makes merchants more secure. In fact, there are some new vulnerabilities that I am going to show you in this article.