exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

DST2K0036.txt

DST2K0036.txt
Posted Oct 5, 2000
Site delphisplc.com

Delphis Consulting Plc Security Team Advisory DST2K0036 - CyberOffice Shopping Cart v2 under Windows NT allows remote users to modify the price of items because prices are set by a hidden form field.

tags | exploit, remote
systems | windows
SHA-256 | 23e3f2c45abc484fb83817dec5582c0edb01f638db7dcbb693eec81c06bf7de3

DST2K0036.txt

Change Mirror Download

============================================================================
Delphis Consulting Plc
============================================================================

Security Team Advisories
[22/09/2000]

securityteam@delphisplc.com
[http://www.delphisplc.com/thinking/whitepapers/]

============================================================================
Adv : DST2K0036
Title : Price modification possible in CyberOffice Shopping Cart
Author : DCIST (securityteam@delphisplc.com)
O/S : Microsoft Windows NT 4 Server (SP5)
Product : CyberOffice Shopping Cart v2
Date : 22/09/2000

I. Description

II. Delphis Solution

III. Vendor Comments

IV. Disclaimer


============================================================================

I. Description
============================================================================

Vendor URL: http://www.smartwin.com.au/smartwin.htm

Delphis Consulting Internet Security Team (DCIST) discovered the following
vulnerability in CyberOffice Shopping Cart v2 under Windows NT.

Severity: high - Price modification possible

It is possible to modify the unit price of items as it is submitted as
a hidden field as part of the order form. By saving a copy of the order
form down locally and modify the value it is possible to submit a order
form with a zero or even negative price value.

example: <input type="hidden" name="Price" value="0">

The vendor solutions relies on referrers and is easily bypassed.

II. Delphis Solution
============================================================================

Vendor Status: Informed

Currently Delphis recommend the following:

o Make transactions non-realtime (i.e. Manual authorisation)

III. Vendor Comments
============================================================================

SmartWin is aware of the problem and has provided solution since about 6
months ago.

Under Global / System Settings of the Shop Manager, you can set Authorized
URL(s) to specify the Web sites (folders) where the shopping pages reside.
This effectively stops the problem you reported in this article.

Typically, merchants will switch on the option for real-time services.

IV. Disclaimer
============================================================================
THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT
THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR
IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE
PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR
CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE
PLACED ON, THIS INFORMATION FOR ANY PURPOSE.
============================================================================
This e-mail and any files transmitted with it are intended solely for the
addressee and are confidential. They may also be legally
privileged.Copyright in them is reserved by Delphis Consulting PLC
["Delphis"] and they must not be disclosed to, or used by, anyone other than
the addressee.If you have received this e-mail and any accompanying files in
error, you may not copy, publish or use them in any way and you should
delete them from your system and notify us immediately.E-mails are not
secure. Delphis does not accept responsibility for changes to e-mails that
occur after they have been sent. Any opinions expressed in this e-mail may
be personal to the author and may not necessarily reflect the opinions of
Delphis

Login or Register to add favorites

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    9 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close