HackDig : Dig high-quality web security articles


Plan Change Logic in Google Fiber (Webpass)

2020-02-17 14:45

“Distracted from Distraction by Distraction” - T.S. Eliot

TLDR; Found a simple logic bug when paying my annual Google Fiber bill (Webpass).

I initially added a $50 payment to my Google Fiber (WebPass) annual subscription, and then switched from annual to monthly billing, and saw that $550 (the annual amount) was credited to the account, and $60 was billed to the account for the new subscription.

POST /api/plan_changes HTTP/1.1
Host: webpass.net
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

from_subscription_id=12345&cashier=

I then replayed the same API operation that was initially called to change the subscription about six more times and saw that each time I called it $550 was credited to the account, and $60 was billed to the account.


At this point there was $2,450 credited to the account, and it showed that the previously invoiced amount had been paid. It would have been fun to call that API operation 100+ more times to see what would happen.
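A minimal model of the bug class described above, added here as an illustration and not taken from the original post or from Webpass: a plan-change handler that credits on every request next to one that consumes the old subscription, so a replay has nothing left to refund. The `Account` class, function names and error type are assumptions; only the $550 credit, the $60 charge and the subscription id 12345 come from the post, and the rest of the account ledger is not modelled.

```python
from dataclasses import dataclass, field

ANNUAL_CREDIT = 550    # credited for the cancelled annual plan (from the post)
MONTHLY_CHARGE = 60    # billed for the new monthly plan (from the post)
SUBSCRIPTION_ID = 12345  # from_subscription_id in the request shown in the post


class PlanChangeError(Exception):
    """Raised when a plan change refers to a subscription that is not active."""


@dataclass
class Account:
    # Hypothetical server-side state: net credit and the set of active subscriptions.
    credit: int = 0
    active: set = field(default_factory=lambda: {SUBSCRIPTION_ID})


def change_plan_vulnerable(acct, from_subscription_id):
    # Trusts the request: never checks whether the old subscription still exists,
    # so every replay credits the annual amount again.
    acct.credit += ANNUAL_CREDIT - MONTHLY_CHARGE
    return acct.credit


def change_plan_hardened(acct, from_subscription_id):
    # The plan change consumes the old subscription. In a real backend this
    # check-and-remove must run in one transaction (or under a row lock) so that
    # two concurrent requests cannot both pass the check.
    if from_subscription_id not in acct.active:
        raise PlanChangeError("subscription is not active; nothing to credit")
    acct.active.remove(from_subscription_id)
    acct.credit += ANNUAL_CREDIT - MONTHLY_CHARGE
    return acct.credit


def replay(handler, times):
    """Send the same plan-change request `times` times; return (credit, rejected)."""
    acct = Account()
    rejected = 0
    for _ in range(times):
        try:
            handler(acct, SUBSCRIPTION_ID)
        except PlanChangeError:
            rejected += 1
    return acct.credit, rejected
```

With three identical requests, the first handler accumulates three credits while the second applies one and rejects the other two.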


Source: lmth.rebiF-elgooG/71/20/0202/cigol/oi.buhtig.s0ahclang1s
