Has anyone experienced problems with the existing e-junkie IDOR vulnerability that allows a hacker using a tool such as Burp Suite to modify button parameters including the price of an item that is sent to the payment processor? If so, do you have a solution? In my case, using 2checkout, e-junkie sends out the software activation code to the hacker before 2checkout completes their fraud testing. As a result, a bogus price of $0.01 is accepted and the software code is sent before the fraud is detected.
1) The price is successfully manipulated by the hacker using Burp Suite and sent to 2checkout and accepted. This is due to the IDOR vulnerability.
2) E-junkie and 2checkout are not tightly integrated which allows the order to be fulfilled (i.e. the activation code is emailed to the hacker by ejunkie) before the 2checkout fraud check is completed.