Full Disclosure mailing list archives
Exploiting an online store
From: "Josh perrymon" <perrymonj () networkarmor com>
Date: Wed, 14 Sep 2005 15:05:24 -0500
I was reading an article about an attacker that could have changed a price in an online shopping cart-

Snip----

Next, Reshef performed a little number he calls ``electronic shoplifting'': He edited the site's online order form to reduce the price of a book from $22.95 to $2.95. Had he gone a few steps farther, Reshef actually could have purchased the book for the reduced price, adding a whole new spin to Priceline.com's ``name-your-own-price'' marketing campaign.

Reshef's exploits didn't require any sophisticated software or particularly detailed knowledge of computer code. ``The only thing you need is an HTML editor that comes bundled with your Netscape or Internet Explorer browser,'' he said. ``There is no magic to this.''

What are laws on this?? What if the guy did make the transaction using his credit card? Since it is just a web transaction sending html from the client to the server what proof would they have?

Joshua Perrymon
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
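
The order-form edit described in the quoted article only works when the server charges whatever price the form submits. As an added example (not part of the original post, and not any store's actual code), here is a server-side handler that prices the order from its own catalogue and keeps a record of what the client sent; the catalogue, form field names and client address are constructed for illustration.

```python
import json
from decimal import Decimal, InvalidOperation

# Constructed catalogue: the server's own record of prices (assumption).
CATALOG = {"book-001": Decimal("22.95")}


def price_order(form: dict) -> dict:
    """Price an order from the catalogue, never from the submitted form."""
    sku = form.get("sku")
    qty = int(form.get("qty", "0"))
    if sku not in CATALOG or not 1 <= qty <= 100:
        raise ValueError("unknown item or quantity out of range")
    unit = CATALOG[sku]
    tampered = False
    submitted = form.get("price")  # hidden field an edited form can change
    if submitted is not None:
        try:
            tampered = Decimal(submitted) != unit
        except InvalidOperation:
            tampered = True  # not a number at all: also a mismatch
    return {"sku": sku, "qty": qty, "unit_price": unit,
            "total": unit * qty, "tampered": tampered}


def audit_line(form: dict, result: dict, remote_addr: str) -> str:
    """One JSON log line recording what was submitted and what was charged."""
    return json.dumps({
        "remote_addr": remote_addr,
        "sku": result["sku"],
        "qty": result["qty"],
        "submitted_price": form.get("price"),
        "charged_total": str(result["total"]),
        "price_mismatch": result["tampered"],
    }, sort_keys=True)


if __name__ == "__main__":
    # Constructed request: the form's price field was edited to 2.95.
    edited = {"sku": "book-001", "qty": "1", "price": "2.95"}
    outcome = price_order(edited)
    print(outcome["total"])
    print(audit_line(edited, outcome, "192.0.2.10"))
```

The submitted price is kept only as a log field, so the mismatch is recorded on the server side while the charge still comes from the catalogue.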