XSS Test is an incredibly common vulnerability, and while often appearing trivial, through modern exploitation techniques it can be used in a range of ways: from acting on behalf of application users, stealing identities in the application, redirecting traffic or even introducing fake content into a corporate website. Just as other exploits that have developed over the years, counter-measures have also been added. Unfortunately, attackers have adapted themselves too.
E-commarce, Online Premuium Service providers and many others uses payment medium to get the payment using CC,Net Banking etc. Payment Gateways are the Integration layer between the web application and the Banking service layer. These gateways are mostly the loosely coupled,third party source code provided by the authorized Payment Gateway Providers. Ex of Payment gateways are paypal,authorize,securepay.
Once i found a serious issue on all the applications of a matrimonial website. The payment medium was suffering from CSRF that was leading to access to their premium services for free. I contacted the organization regarding the same and reported the issue upfront. Although I wasn’t expecting any thing much in return but being a very good startup , they should have given something for the the issue that may have lead to a serious loss to them. Those greedy , smart executives pulled out all the Bug information from me and called me cya in the end. 😛
On the similar line , the demo issue is explained below.