I've seen this on quite a few websites that use paypal. If you have ever come across a site that has a 'You are now being redirected to Paypal, please wait' page inbetween the checkout and paypal then you will probably see something similar if you quickly hit ctrl+S.
Some sites that use Paypal also have a form field for where to direct to upon successful purchase. Sometimes this page has a link to download the product you're meant to be purchasing.
PayPal tell you to check when you get the payment confirmation through to check the checkout ID against your own records for what the transaction should have been, but I have fixed just such vulnerabilities in my work before.
The fact the hidden fields can be populated on a POST doesn't necessarily imply they are used on the backend. There's a plate ID field in there...which may or may not indicate there is a record for this transaction in a database.
The fact that the author was able to manipulate values 2 pages after the form he modified pretty strongly implies that those values were used on the backend, however.
This is how PayPal has worked for over 10 years. It's not that big of a deal. Tampering with the form fields is discouraged both by law and by the ease of confirming either programmatically or manually.
It's not really a dark pattern when the Acrylic plate is the product that most people are trying to buy - without it you don't have the physical numberplate you can put on your car.
Plus they make it pretty clear what the tickbox is, on top of the fact that an upsell of £20 for a physically made product on top of £30k for a license is the least useful upsell in the history of selling.
If the transaction went through and they unknowingly delivered the number-plate, would this be illegal? Or would it have to be resolved as a civil matter? [in the UK]
I'm almost certain this would be illegal, as well as a breach of the computer misuse act. I've been wondering this myself though - it would have been cool to stick that plate on my car.
By "illegal" do you mean "criminal"? Because a wrong that is redressable through civil rather than criminal process is still illegal under the normal definition of the word.
Say a store has a stereo on sale for $300 and you decide that since the wholesale price was only $120, a fair price would be $150. You're saying as long as you plan to use it personally, you could lay down three fifties and walk out with it without 'benefiting'? Your benefit in that case would be the $150 you avoided paying.
You get the licence plate. That's the benefit. You didn't have it before, you have it now, it's something someone (incl you) value. "benefit" doesn't mean "profit".
>It's nice to get so much loan and grant money for a few years of dossing.
Blanket statements like this make my blood boil. I worked incredibly hard for my education. And, when I did it I thought it was expensive. Since I graduated the UK government tripled tuition twice in four years. To be precise, the UK government allowed universities to triple tuition twice in four years. And believe me, most if not all of the universities in the Russell Group did indeed triple their tuition fees. The students that get the student loan help from the government now may be potentially facing a lifetime of debt, unable to pay off their loans before they retire. "Great," I hear you say, "When you retire, your student loan is written off." While at first glance this may seem appealing, it's bad for the economy. The UK government made a move that works well for them in the short-term but works out extremely poorly in the long-term. And this is not accounting for the fact that the average student graduating nowadays with about 9 times more debt. I don't know which country you are from or where you were educated, but in the UK where there are almost no scholarships for higher education, graduating with £30,000 of debt must feel pretty debilitating.
Oh, and by the way, there is no 'grant' money for students. Grants where for the education of yesteryear, when students didn't have to pay back the help they received from the government. It's depressing to think that the mere accident of the year of one's birth provides an entire lifetime of debt.
The 'fees' are differed on the off-chance you don't earn a reasonable salary. You can call it debt, but it isn't. In the US they have real student debt that is debilitating. In the UK, it doesn't even register on your credit score.
Why is it that a school-leaver gets little to no help, and a university student gets a whole tonne of grants and deferred fees? Doesn't that inequality make your blood boil?
It was around 40 quid when I lived there in 2009. I was just about to get a 6-month pass because I figured it was worth it with my usage, then prices nearly doubled a few days before I came back from my Christmas holidays.
TL;DR: It used to be much cheaper, then they raised the prices.
It doesn't help that Paypal themselves (https://cms.paypal.com/uk/cgi-bin/?cmd=_render-content&conte...) have tutorials with lines like: <input type="hidden" name="amount" value="15.00">