Freedom

unwind to potential


ICICI Bank Payment Gateway security issue

Posted by Rahul Narula on February 12, 2009

While using my address bar to search for something, I accidentally happened to choose one of the previous “Payseal – ICICI Bank Payment Gateway” pages from the list in the Firefox address bar.

What I saw was something not amusing at all. In spite of their disclaimer note at the bottom of the page that says

“Note: This page will expire in 30 Minutes and if you fail complete the transaction in 30 Minutes you will be redirected to the order page of <service provider>”

the page opened as it had opened the day I made the payment. Forget 30 minutes, I might have gone to that page at least a couple of months ago.

For the sake of illustration, try accessing the following URL to see what I mean:

https://payseal.icicibank.com/mpi/Ssl.jsp?txnId=9FE43213A6D3414FC3D66E5AAEAC3CC26534254EFC0FA0E7

[Image: ICICI payment Gateway]

Continuing here will make a payment of Rs 1295 that I did more than a couple of months back for a friend to get him the paid services of Jeevansathi. I am not entirely sure what happens to these transactions once they have been fulfilled. As far as I remember, the transaction represented above was never completed due to my bad internet connection.

I just hope that this serious security issue is soon addressed by ICICI Bank, or else it has a serious scope of being exploited.
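
A payment URL reopened from browser history months later, as described in this post, would be turned away by a server-side check of the transaction's age and state. The sketch below is an added example, not part of the original post and not ICICI Bank's or Payseal's code; `PaymentSessionStore`, its method names and the in-memory storage are hypothetical, and only the 30-minute limit comes from the note quoted above.

```python
import secrets
import time
from dataclasses import dataclass

PAGE_TTL_SECONDS = 30 * 60  # the 30 minutes the payment page promises


@dataclass
class PaymentSession:
    order_ref: str
    amount_paise: int
    created_at: float
    state: str = "PENDING"  # PENDING -> COMPLETED or EXPIRED, never back


class PaymentSessionStore:
    """Hypothetical in-memory store; a real gateway would use a database."""

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable so expiry can be tested
        self._sessions = {}

    def create(self, order_ref, amount_paise):
        txn_id = secrets.token_hex(24).upper()  # unguessable 48-hex-char id
        self._sessions[txn_id] = PaymentSession(order_ref, amount_paise, self._clock())
        return txn_id

    def open_payment_page(self, txn_id):
        """Decide what a GET on the payment URL may show: (status, session)."""
        session = self._sessions.get(txn_id)
        if session is None:
            return "UNKNOWN", None
        # Age comes from the server's own record, so a URL replayed from
        # browser history gets the same answer as any other late request.
        age = self._clock() - session.created_at
        if session.state == "PENDING" and age > PAGE_TTL_SECONDS:
            session.state = "EXPIRED"
        if session.state != "PENDING":
            return session.state, None  # caller redirects to the order page
        return "OK", session

    def complete(self, txn_id):
        """Charge only a live PENDING session, and only once."""
        status, session = self.open_payment_page(txn_id)
        if status != "OK":
            return False
        session.state = "COMPLETED"
        return True
```

The expiry decision depends only on state the server holds, so the note on the page becomes a description of enforced behaviour instead of the only control.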
