You can learn a lot by poking at apps. I never would have guessed the client was interfacing directly with the payment processor. Only reason I can guess is that Domino's wants absolutely nothing to do with your CC#.
The thing I see here is that there is enough information in the client to send a request that validates credit card numbers. This is called a carding attack (or checker) - https://en.wikipedia.org/wiki/Credit_card_fraud#Checker if it isn't properly mitigated with rate limiting.
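The checker pattern described in the comment above leaves a signature in the processor-side logs: one client cycling through many distinct cards with mostly declines. The following detection sketch is an added example, not code from the original thread or from any vendor; the log format, field names and thresholds are assumptions, and the log lines are constructed.

```python
# Added example: flag "checker"-style bursts of card validation attempts in
# constructed payment-gateway logs. Log format and thresholds are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "<iso ts> client=<id> pan_hash=<h> result=<approved|declined>"
# pan_hash stands in for a keyed hash of the card number (never the PAN itself).
SAMPLE_LOG = """\
2024-05-01T12:00:00 client=c1 pan_hash=a1 result=declined
2024-05-01T12:00:01 client=c1 pan_hash=a2 result=declined
2024-05-01T12:00:02 client=c1 pan_hash=a3 result=declined
2024-05-01T12:00:03 client=c1 pan_hash=a4 result=approved
2024-05-01T12:00:04 client=c1 pan_hash=a5 result=declined
2024-05-01T12:00:05 client=c1 pan_hash=a6 result=declined
2024-05-01T12:00:00 client=c2 pan_hash=b1 result=declined
2024-05-01T12:00:30 client=c2 pan_hash=b1 result=approved
2024-05-01T12:10:00 client=c3 pan_hash=d1 result=approved
"""

def parse_line(line):
    """Split one log line into (timestamp, client, pan_hash, result)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["client"], kv["pan_hash"], kv["result"]

def find_checker_clients(log_text, window=timedelta(minutes=1),
                         max_distinct=5, min_decline_ratio=0.5):
    """Return {client: (distinct_cards, decline_ratio)} for every client that tried
    more than max_distinct different cards inside any sliding `window` while at
    least min_decline_ratio of those attempts were declined. A single card retried
    a few times (a typo, a real customer) is deliberately not flagged."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, client, pan_hash, result = parse_line(line)
            events[client].append((ts, pan_hash, result))
    flagged = {}
    for client, evs in events.items():
        evs.sort()
        for i, (start, _, _) in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - start <= window]
            cards = {e[1] for e in in_win}
            if len(cards) > max_distinct:
                declines = sum(1 for e in in_win if e[2] == "declined")
                ratio = declines / len(in_win)
                if ratio >= min_decline_ratio:
                    flagged[client] = (len(cards), round(ratio, 2))
                    break
    return flagged
```

A flagged client is the input to the rate-limiting or step-up decision the comment calls for; the distinct-card count matters more than raw request volume, since a legitimate retry of one card looks nothing like a checker.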
Nice post.
Almost 10 years ago I noticed that Pizza Hut Australia did price calculation client-side. Was able to specify whatever you wanted to pay!