Closed. sanzeeb3 closed 3 years ago:
Thank you for taking the time to report a bug in Himalayan Bank Payment Gateway for WooCommerce.
Closing, part of this is fixed on https://github.com/lijnam/wc_hbl_payment_gateway/pull/5. We'll look into the remaining items in a separate issue.
There are things to improve in hbl_response_handler():
https://github.com/lijnam/wc_hbl_payment_gateway/blob/6bfa80120a80945235650311aa1fa069a3517067/hbl-wocommerce-gateway.php#L43
Currently, inputs aren't validated:
if( isset( $_REQUEST['paymentGatewayID'] ) ) {
Anything can be a successful order if you make a request using a URL such as:
https://example.com/checkout/order-received/?paymentGatewayID=string
Verification: Anyone can make a request which gets logged by:
$logger->debug( 'Response From Bank ', wp_json_encode( $_REQUEST ) );
If you make bulk requests using that URL, the logs can get heavier and the site may eventually run out of memory.
The request should be sanitized before processing.
Output isn't escaped. Example:
$_REQUEST['invoiceNo']
can be anything, including a script to steal user cookies.
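A hardened form of the handler pattern the report describes (validate the gateway ID, sanitize before logging, escape on output), as an added example and not the plugin's own code. The hook, function names, the expected gateway ID value and the order lookup are assumptions; a real integration must also verify the bank's signed response before marking an order paid, which the report does not cover.

```php
<?php
// Added example, not code from wc_hbl_payment_gateway. Hook, function name,
// expected gateway ID and order lookup are assumptions for illustration.

add_action( 'woocommerce_thankyou', 'example_hbl_response_handler' );

function example_hbl_response_handler( $order_id ) {
    $logger = wc_get_logger();

    // Weak check from the report: any request carrying the key is accepted.
    // if ( isset( $_REQUEST['paymentGatewayID'] ) ) { ... treat as paid ... }

    // 1. Validate: only a POST carrying the exact expected gateway ID proceeds.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        return;
    }
    $gateway_id = isset( $_POST['paymentGatewayID'] )
        ? sanitize_text_field( wp_unslash( $_POST['paymentGatewayID'] ) )
        : '';
    if ( 'EXPECTED_GATEWAY_ID_PLACEHOLDER' !== $gateway_id ) { // placeholder value
        return;
    }

    // 2. Sanitize and bound every field before it is used or logged.
    $invoice_no = isset( $_POST['invoiceNo'] )
        ? sanitize_text_field( wp_unslash( $_POST['invoiceNo'] ) )
        : '';
    if ( '' === $invoice_no || strlen( $invoice_no ) > 64 ) {
        return;
    }

    // 3. Tie the response to an existing, unpaid order; never trust the request alone.
    $order = wc_get_order( absint( $order_id ) );
    if ( ! $order || $order->is_paid() ) {
        return;
    }

    // Log only the sanitized fields, not the raw $_REQUEST, so log growth is bounded.
    $logger->debug(
        'Response from bank: ' . wp_json_encode( array( 'invoiceNo' => $invoice_no ) ),
        array( 'source' => 'hbl-gateway' )
    );

    // Only after the bank's signed response is verified (not shown here)
    // should $order->payment_complete() be called.

    // 4. Escape on output.
    echo '<p>Invoice ' . esc_html( $invoice_no ) . ' received.</p>';
}
```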