
A monkey with a violin, or how I unexpectedly saved 790 rubles with the help of Fiddler



TL;DR: I accidentally found an easy way to buy a paid service for 1 ruble instead of the full price. I reported it to the site's administrators and ended up with a year's subscription for free. Seasoned bug hunters will find nothing new here.

I have long wanted to finally learn to watch films in English, in the original. I have no particular trouble with technical material (lectures, courses, seminars and so on), but with feature films, and especially with games, it is a disaster.

Meanwhile, the quality of Russian translations often leaves much to be desired. Here, for example, are a few frames from the Russian localization of Dead Space 3 (the localized line first, the original English below it):

Localized: "It seems clear."
Original (peering around a corner, looking for the enemy): "Looks clear."

Localized: "Leave the bridge!"
Original: "Clear the bridge!"

Localized: "Hand!"
Original: "Give me a hand!"


I am a very disciplined and goal-oriented person, so at least once a year I promise myself to improve my English. Admittedly, life somehow always turns up a huge number of more urgent matters (relatives, friends, Skyrim), so no time is left for English. A real conspiracy, it seems.

Not long ago I had another flare-up and began scouring the web for a suitable site for learning English. I went through several options and eventually settled on one whose interface and advertised features caught my attention. One section of the site had TV series in English with, in my opinion, very conveniently made subtitles, plus other goodies such as a dictionary and comments on the subtler details of the language.

After trying the demo version, I decided to buy full access to all the series. Having shed a few tears over my hard-earned money, I proceeded to the payment page.

The page is nothing special.
On the left you select products, on the right the calculated price is shown. Then you click "Pay by card", a payment window appears, and you pay. All completely standard.



And then, for some reason, I felt like opening Fiddler. I had heard a lot about how smart people use it to inject XSS, drain money from mobile phones, steal posts from VKontakte and hack the Pentagon. I have never managed to do any of this myself, but that is what they say!

So I launched Fiddler, clicked the "Pay" button, and saw the following picture:



The highlighted POST request was as follows:



I was surprised to discover that my familiar order total, which comes back in the server's response, was sitting right there in plain sight.

As is well known, Fiddler can intercept (and let you edit) not only outgoing requests but also incoming responses. I switched it into that mode.

Of course, everyone knows where this button is (in Fiddler Classic it is Rules > Automatic Breakpoints > After Responses). For everyone else, I took a screenshot just in case:


After that I tried to pay for the order again, and when the server returned the answer "1580 rubles", I, for no particular reason, changed it to the slightly lower price of 80 rubles:



The payment system window that opened confirmed that this was the amount to be paid:



Warily, I entered my card details and crossed my fingers...

After a few seconds, the window reported that the payment was successful.

And a couple of seconds after that my phone buzzed: a confirmation SMS from the bank had arrived.


Meanwhile, my inbox received a payment confirmation from the payment system and letters from the site congratulating me on my purchase.



And in my personal account on the site, the new features appeared, honestly acquired by me at a 94.9% discount.
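The root cause here is that the price made a round trip through the browser: the server sent the total to the client, and the client handed it on to the payment system, so anything that could rewrite the response (Fiddler, in this case) controlled the amount charged. The following is an added example, not code from the article or from the site in question; it models the merchant server, the browser and the payment gateway in one process, with the catalogue prices, field names and shared secret all assumed. It shows the unsigned flow the article exploits beside a hardened one, where the amount is bound to the order by an HMAC and the merchant re-checks the charged amount against its own record before granting access.

```python
"""Added example: why a price that round-trips through the browser can be
edited, and how a merchant backend closes the hole.  Three roles are
modelled in one process: the merchant server, the browser (which a proxy
such as Fiddler lets the user rewrite), and the payment gateway.  Prices,
secrets and field names are assumptions, not the site's real API."""
import hashlib
import hmac
import secrets

# Assumed catalogue: the article only tells us the totals 790 and 1580 RUB.
CATALOG_RUB = {"series": 790, "dictionary": 790}

# Secret shared by merchant and gateway (constructed for this example).
MERCHANT_SECRET = b"example-merchant-secret-not-real"

ORDERS: dict[str, dict] = {}


def create_order(items: list[str]) -> dict:
    """Merchant side: the total comes from the server's own catalogue,
    never from anything the browser sent."""
    total = sum(CATALOG_RUB[item] for item in items)
    order = {"id": secrets.token_hex(8), "items": list(items),
             "amount": total, "paid": False}
    ORDERS[order["id"]] = order
    return order


def _sign(order_id: str, amount: int, currency: str) -> str:
    """HMAC binding order id, amount and currency together."""
    msg = f"{order_id}:{amount}:{currency}".encode()
    return hmac.new(MERCHANT_SECRET, msg, hashlib.sha256).hexdigest()


def build_payment_form_vulnerable(order: dict) -> dict:
    """The pattern the article exploits: a bare amount goes to the browser,
    and the gateway later trusts whatever the browser posts."""
    return {"order_id": order["id"], "amount": order["amount"], "currency": "RUB"}


def build_payment_form_signed(order: dict) -> dict:
    """Hardened: the amount is bound to the order by an HMAC the browser
    cannot recompute, because it never sees MERCHANT_SECRET."""
    form = build_payment_form_vulnerable(order)
    form["signature"] = _sign(form["order_id"], form["amount"], form["currency"])
    return form


def gateway_accept_vulnerable(form: dict) -> bool:
    """Gateway with no integrity check: any positive amount is charged."""
    return isinstance(form.get("amount"), int) and form["amount"] > 0


def gateway_accept_signed(form: dict) -> bool:
    """Gateway recomputes the HMAC over the posted fields; an edited amount
    fails here (the analogue of the article's "Invalid operation")."""
    expected = _sign(form["order_id"], form["amount"], form["currency"])
    return hmac.compare_digest(expected, form.get("signature", ""))


def gateway_callback(order_id: str, charged: int) -> dict:
    """What the gateway reports back to the merchant after a charge."""
    return {"order_id": order_id, "amount": charged,
            "signature": _sign(order_id, charged, "RUB")}


def merchant_handle_callback(cb: dict) -> str:
    """Second line of defence: verify the callback's signature, then grant
    access only if the charged amount equals the server-side order total."""
    order = ORDERS.get(cb["order_id"])
    if order is None:
        return "unknown order"
    expected = _sign(cb["order_id"], cb["amount"], "RUB")
    if not hmac.compare_digest(expected, cb.get("signature", "")):
        return "bad signature"
    if cb["amount"] != order["amount"]:
        return f"amount mismatch: charged {cb['amount']}, order is {order['amount']}"
    order["paid"] = True
    return "paid"


def tamper(form: dict, new_amount: int) -> dict:
    """What the author did in Fiddler: edit the amount in the server's response."""
    return {**form, "amount": new_amount}


if __name__ == "__main__":
    order = create_order(["series", "dictionary"])
    print("server-side total:", order["amount"])
    weak = tamper(build_payment_form_vulnerable(order), 80)
    print("unsigned gateway charges 80 RUB:", gateway_accept_vulnerable(weak))
    strong = tamper(build_payment_form_signed(order), 80)
    print("signed gateway accepts 80 RUB:", gateway_accept_signed(strong))
    print("merchant on 80 RUB callback:",
          merchant_handle_callback(gateway_callback(order["id"], 80)))
    print("merchant on 1580 RUB callback:",
          merchant_handle_callback(gateway_callback(order["id"], 1580)))
```

The two checks are independent on purpose: the signed form stops the gateway from charging an edited amount, and the callback comparison stops the merchant from unlocking a product when, for whatever reason, the gateway did charge less than the order total. Real gateways expose these as a merchant key and a signed notification; the exact parameters vary by provider and are not taken from the site in the article.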


"Wow!", I thought, and went to write to the site's administrators. I could not find any dedicated channel for this kind of report, so I simply wrote to tech support.

Vulnerability report (screenshot)


I sent the message around midnight. By lunchtime the next day a tech support specialist had written back, thanked me for the information and said the vulnerability was closed. I was pleasantly surprised by the prompt response.

Correspondence with tech support (screenshot)


As a bonus, they offered me access to any of the site's paid services; I, of course, chose the TV series.

Now I will certainly be watching them.

I would be glad to hear feedback, advice and opinions from readers in the comments. I also invite you to take part in a short poll.

PS
When I tried to recheck the vulnerability after the fix, I got an error along the lines of "Invalid operation". But apparently I made too many attempts, because now every such attempt (even from different IP addresses) has, for the fifth day running, produced the same message: "Try again later."



It seems the payment system has banned me for a while. :D

PPS
Particularly attentive readers may have noticed that the screenshots show an amount of 1,580 rubles, while the title of the article says 790.

The answer is simple: I initially planned to buy two services, but then decided that the TV series alone would be plenty for me.

After all, I am a very disciplined and goal-oriented person.


Here is the official version (abbreviated and censored).

Source: https://habr.com/ru/post/266175/

