Vulnerability in e-gold

While developing a script for making mass payments (it will be demonstrated on this site shortly), I found a vulnerability on the e-gold site that allows payments to be made from the accounts of authorized users without notifying them.


The vulnerability is in the confirm.asp script, which carries out the transfer of funds. According to the Programming guide for e-gold automation, this script should receive a number of parameters, among them AccountID and PassPhrase, which authorize the payer before the transfer. If the request to the script is sent by a user who is already logged in to the e-gold site, these parameters are not checked and the payment is made from that user's account.

Thus, by enticing an authorized user to follow a link to the e-gold site such as: PassPhrase=somestring& PayeeAccount=MY_ACCOUNT& Amount=100& PAY_IN=1& WORTH_OF=Gold& Memo=Donation& IGNORE_RATE_CHANGE=y
it is possible to transfer money from his account to any other.
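The authorization flaw described above, modelled from the server's side as an added example (it is not e-gold's code and not part of the original advisory). The session store, the `csrf_token` field and the hardened check are assumptions for illustration; the page does not say how e-gold fixed the bug.

```python
import hmac
import secrets

# Constructed sample data: one account and one logged-in browser session.
# The session layout and the csrf_token field are hypothetical.
ACCOUNTS = {"100001": "correct horse"}  # AccountID -> PassPhrase
SESSIONS = {"sess-abc": {"account": "100001", "csrf_token": secrets.token_hex(16)}}


def credentials_ok(params):
    """True when AccountID and PassPhrase in the request match a known account."""
    expected = ACCOUNTS.get(params.get("AccountID", ""))
    supplied = params.get("PassPhrase", "")
    return expected is not None and hmac.compare_digest(expected.encode(), supplied.encode())


def confirm_vulnerable(params, session_id=None):
    """Behaviour described on the page: a live session replaces the credential check."""
    session = SESSIONS.get(session_id)
    if session:                      # the browser attaches the cookie automatically
        payer = session["account"]   # AccountID and PassPhrase are never examined
    elif credentials_ok(params):
        payer = params["AccountID"]
    else:
        return None
    return (payer, params["PayeeAccount"], params["Amount"])


def confirm_hardened(params, session_id=None):
    """A session alone is not enough: require its secret token or full credentials."""
    session = SESSIONS.get(session_id)
    token = params.get("csrf_token", "")
    if session and hmac.compare_digest(session["csrf_token"].encode(), token.encode()):
        payer = session["account"]
    elif credentials_ok(params):
        payer = params["AccountID"]
    else:
        return None                  # cross-site request: no token, bad PassPhrase
    return (payer, params["PayeeAccount"], params["Amount"])


# Constructed cross-site request: parameters chosen by a third party,
# session cookie supplied by the logged-in user's browser.
FORGED = {"PassPhrase": "somestring", "PayeeAccount": "MY_ACCOUNT", "Amount": "100"}

if __name__ == "__main__":
    print("vulnerable:", confirm_vulnerable(FORGED, "sess-abc"))
    print("hardened:  ", confirm_hardened(FORGED, "sess-abc"))
```

The same forged parameters are accepted by the first handler because the session cookie stands in for the credentials, and rejected by the second because the sender cannot know the per-session token.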

On March 13th, 2006

I wrote to e-gold about it. The answer, with gratitude and small rewards, came quickly enough.

On March 14th, 2006

I received a message from e-gold confirming that the bug is fixed and that I can publish this information. As a newbie in bug reporting, I asked 3APA3A for advice. He recommended that I publish the information concerning the issue and provide a link to the article in the report.