Smartwin Technology CyberOffice Shopping Cart 2.0 Price Modification Vulnerability
BID:1733
Info
Smartwin Technology CyberOffice Shopping Cart 2.0 Price Modification Vulnerability
| Bugtraq ID: | 1733 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Oct 02 2000 12:00AM |
| Updated: | Oct 02 2000 12:00AM |
| Credit: | Posted to Bugtraq on October 2, 2000 by the Delphis Consulting Security Team <[email protected]>. |
| Vulnerable: |
SmartWin Technology CyberOffice Shopping Cart 2.0 |
| Not Vulnerable: | |
Discussion
Smartwin Technology CyberOffice Shopping Cart 2.0 Price Modification Vulnerability
Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000.
The order form CyberOffice Shopping Cart utilizes can be easily modified by downloading the form locally and then resubmitting it to the target server containing the new values. Unit item prices can be modified to any arbitrary value.
Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000.
The order form CyberOffice Shopping Cart utilizes can be easily modified by downloading the form locally and then resubmitting it to the target server containing the new values. Unit item prices can be modified to any arbitrary value.
Exploit / POC
Smartwin Technology CyberOffice Shopping Cart 2.0 Price Modification Vulnerability
<input type="hidden" name="Item" value="Specified Value">
<input type="hidden" name="Item" value="Specified Value">
References
Smartwin Technology CyberOffice Shopping Cart 2.0 Price Modification Vulnerability
References:
References:
- SmartWin CyberOffice Shopping Cart (SmartWin Technologies)