<p>Please check with your PayTM RM on the account type</p>
<ul>
<li>Express - This is the latest offering from PayTM. Supports cards, netbanking & PayTM wallet as well.</li>
<li>Seamless - Supports card acceptance only. (For netbanking, it's redirection-based)</li>
<li>Wallet - Only wallet transactions are permitted</li>
</ul>

import java.net.URLEncoder;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public String calculateSignature() {
    String secretKey = "<insert secret key here>";
    String serialized = "order_id=1464092311945&status=CHARGED&status_id=21";
    String algorithm = "HmacSHA256";
    serialized = URLEncoder.encode(serialized);
    SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes(), algorithm);

Focus areas
Cross site request forgery on critical actions (control panel is out of scope)
Cross site scripting (XSS)
Remote code execution / shell injection
Authentication bypass
SQL injection
P1/P2 Issues:
Remote code execution

/*
 * Validate the given card using the Luhn checksum algorithm. Returns `true` if the card
 * is valid, else returns `false`.
 * Example:
 *   isCardValid("4242424242424242") // returns true
 *   isCardValid("4242424242424243") // returns false
 */
var isCardValid = (function (arr) {
    return function (ccNum) {
        var

// payment information goes here
String url = "https://secure.payu.in/_payment";
String postData = "key=C23ARn&txnid=shop_test-55040ae184bd1-12&amount=1.0&productinfo=Description not provided&email=email@gmail.com&phone=9999999999&surl=https://api.juspay.in/payu/payment-response/10201382&furl=https://api.juspay.in/payu/payment-response/10201382&curl=https://api.juspay.in/payu/payment-response/10201382&firstname=&lastname=&address1=&address2=&city=&state=&country=&zipcode=&udf1=&udf2=&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&pg=NB&bankcode=CITNB&hash=ab3da78bad61b319e0fc394bc967fa4b1930f7723c5d06df045dcb7bbca62efa5fc656efbda4441798a734e920c0c8befa17d61639ef04e3890dae0130b01b8a";
args.putString("url", url);
args.putString("postData", postData);
// analytics information goes here. This information is used only for analytics and for tracking success/failure
args.putString("clientId", ":clientId");
args.putString("merchantId", ":merchantId");
args.putString("orderId", ":orderId");

var juspayResponse = JSON.parse(res); // assuming that `res` holds the data returned by the JusPay API
var url = juspayResponse.payment.authentication.url;
var method = juspayResponse.payment.authentication.method;
var frm = document.createElement("form");
frm.style.display = "none"; // ensure that the form is hidden from the user
frm.setAttribute("method", method);
frm.setAttribute("action", url);
if (method === "POST") {

StringBuffer paramStr = new StringBuffer();
for (String key : params.keySet()) {
    paramStr.append(URLEncoder.encode(key));
    paramStr.append("=");
    paramStr.append(URLEncoder.encode(params.get(key)));
    paramStr.append("&");
}
String postData = paramStr.toString();

// available variables: order, txn, payment
def priorities = ["HDFC", "ICICI"] // default
if (payment.card_issuer == "ICICI Bank") { // if ICICI Bank card, use ICICI
    priorities = ["ICICI", "HDFC"]
}
else if (order.udf1 == "mobile" && order.udf2 == "android") { // for android transactions, use ICICI
    priorities = ["ICICI", "HDFC"]
}

// WARNING: This code is a sample to test your logic of gateway priority. This is NOT to be used as such.
def order = [order_id: "ord_id", amount: 1000.00, udf1: "web", udf2: "desktop", gateway_id: 2]
def txn = [txn_id: "txn_id", express_checkout: true, add_to_locker: false]
def payment = [card_isin: "524368", card_issuer: "HDFC Bank", card_type: "CREDIT"]
def setGatewayPriority = { gateways ->
    println "priority: " + gateways;
}

import in.juspay.godel.core.PaymentDetails;

// setup the initial parameters for the browser fragment
PaymentDetails paymentDetails = new PaymentDetails();
paymentDetails.setOrderId(rechargeRequest.getPaymentId());
paymentDetails.setMerchantId("juspay_recharge");
// clientId uniquely identifies the weblab configuration rules to apply
paymentDetails.setClientId("juspay_recharge_android");
// customerId uniquely identifies a customer
paymentDetails.setCustomerId(rechargeRequest.getMobileNumber());