Attention all the e-commerce website owners

I just want to share what I have discovered. I can purchase any product I want for any amount I specify. For example, I can even buy a MacBook Pro for just ₹10, or a 36" LCD HD TV for just ₹2. I am not kidding at all. I have tested it with many shopping sites and most of them have this breach.

Affected Sites :

  • Rediff Shopping – Breach present, but manual bank transaction checks present
  • Flipkart (Payzippy)
  • Infibeam (CC Avenue)
  • Lenskart (CC Avenue)
  • Watchkart (CC Avenue)
  • GoDaddy India (CC Avenue)

Non-affected sites; the following are secure:

  • Amazon
  • Freecharge
  • Groupon (PayU)
  • IRCTC
  • Myntra
  • Snapdeal
  • eBay
  • Jabong (PayU)
  • ShopClues (BillDesk)

To summarize, ALL the websites using the PayZippy and CC Avenue payment gateways are prone to this security breach.

Bug Details :-

[#] Title: Purchase any product for any amount.
[#] Affected Payment Gateways : PayZippy, CC Avenue
[#] Status: PayZippy : Fixed | CC Avenue : Fixed
[#] Severity : HIGH, FATAL
[#] Browser: Any Browser
[#] Report date : 11/10/2014
[#] Author: Rahul Vijay Manekari
[#] Email: manekari@outlook.com

Impact :-

– Almost 80% of reputed India-based e-commerce websites are using the PayZippy or CC Avenue payment gateway. Any product from any affected website can be purchased for as low as ₹2.

I want a higher authority from the above non-secure sites to contact me via my email: manekari@outlook.com.

I would like to have a personal meeting which will be the best way to convey my message.

I am not taking advantage of it, nor am I sharing this bug with anyone. I am just saying that the bug is present right there and I am ready to help you guys.

But please, don’t contact me if you are a support guy or a technical department who handles social media support.

PS: I am neither a professional hacker, nor do I know much about security. I am a software product developer and I know how to secure my product. These were just random tests which I was doing with other sites. I have no intention to break down any security barricades.

UPDATE 13/10/2014 : Flipkart has contacted me and I have provided the details. They are working on resolving this issue.

UPDATE 17/10/2014 : CC Avenue has replied and they are working on the fix as well.

UPDATE 18/10/2014 : The bug has been resolved in PayZippy. Flipkart and other merchants using the PayZippy Payment Gateway are secure now.

UPDATE 21/10/2014 : It has been resolved in CC Avenue as well.

Thank you.
Regards,
Rahul Vijay Manekari.

*Le me calling MTNL support 1503

I am just thinking how a person can be so dumb. Because it's a lady? Or because she works for MTNL? Or it's just MTNL? I just bought a Data Card from D-Link and I want to use it with MTNL 3G. Without reading the reviews and compatibility, I just bought an MTNL card and activated 3G on it. I tried my level best to run the internet through that device, but I failed. I tried with other SIM cards to check if the device is proper; guess what, it worked for all SIM cards but not MTNL. I thought MTNL help would be perfect. So I called the MTNL helpline.

A lady picks up the phone.

She : Welcome to MTNL.

Me : Hello, I want settings for MTNL 3G internet.

She : Ok, all you have to do is go to Settings, ….(break)

Me : I want settings for Data Card.

She : Ohh sorry, I thought for your cellphone. Wait a minute, I will continue you.

She speaks after a minute.

She : so you have to go to connection manager, click on profiles…….. (Break)

Me : Wait, I am not getting these menus. I want settings for my unlocked D-Link Data Card. It's not MTNL’s data card.

She : How will that work (in a high tone)? That won't work.

Me : Ma’am, it's an unlocked device working for Airtel, Reliance but not with MTNL.

She : It just won't work. You will have to take MTNL's own dongle, only then will it work.

Me : But madam, it's an unlocked data card from D-Link.

She : (With extremely high volume) It won't work. If you take the card from MTNL and the data card from someone else, then we have been sold off dirt cheap, haven't we? You tell me, how will MTNL run?

Me : (thinking) Dafuq did I just hear.

*Le me disconnects the phone.

If anyone has tried working around with MTNL and the D-Link DWM 156 Data Card, please let me know.