Pricing Index/Plan Upgrade "Ra" Exploit
Discovered By:
Jay
Date:
1998
Patched:
2000 - Updated 2.5.2001
This was a pretty interesting exploit. When you go to kw: billing to
change your pricing plan the token used was "Ra". At the time the "Ra"
token had no viewrule on it for Price Index's with no billing such as
77(CL) and 0 (OH/Internal).
Jay discovered that you could use the Ra token for any Price Index. All
you had to do was wait for the billing cycle to come along and you're
account would be converted. For instance, if you wanted a CL account you
would send "Ra", 77 and within 30 days you would have a CL account. This
exploit lasted for a fairly long time before being patched. In 2000, a
similar exploit was discovered with another billing token, "#P".
Contributed By:
db
|
