From: Mifa (mifa@stangercorp.com)
Date: Tue Jul 17 2007 - 15:36:43 EDT
I have set up a webpage that allows payments via PayPal. Is it secure? Below is the data submitted (as seen with Tamper Data):
1) Can this be decrypted? This string is, after all, hard-coded into the PayPal button.
a) If so, how?
2) What apps might decode and recode this data?
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:57 EDT