Bugtraq mailing list archives
more problems with that POS dansie cart software!
From: juice () 3SHEEP COM (tombow)
Date: Fri, 14 Apr 2000 11:09:47 -0400
if installing a backdoor in the cart software wasn't bad enough.. the whole implimentation of pricing and adding items to cart is crap.. example form to add items to your cart (kindly provided on the publishers site using the demo cart they set up for us): *snip* <FORM METHOD=POST ACTION="http://www.dansie.net/cgi-bin/scripts/cart.pl"> Black Leather purse with leather straps<BR> Price: $20.00<BR> <INPUT TYPE=HIDDEN NAME=name VALUE="Black leather purse"> <INPUT TYPE=HIDDEN NAME=price VALUE="20.00"> <INPUT TYPE=HIDDEN NAME=sh VALUE="1"> <!-- Shipping and Handling --> <INPUT TYPE=HIDDEN NAME=img VALUE="purse.jpg"> <INPUT TYPE=HIDDEN NAME=return VALUE="http://www.dansie.net/demo.html"> <INPUT TYPE=HIDDEN NAME=custom1 VALUE="Black leather purse with leather straps"> <INPUT TYPE=SUBMIT NAME="add" VALUE="Put in Shopping Cart"> </FORM> *snip* a couple of quick alterations and we can now add: one piece of crap cart software.. http://www.dansie.net/cgi-bin/scripts/cart.pl?name=piece+of+crap+cart+software&price=1.00&sh=1&img=purse.jpg&return=http://www.dansie.net/demo.html&custom1=my+shopping+cart+software+sucks+because+i+let+users+manipulate+crucial+variables I am aware this was posted a few months ago but I don't recall anyone posting in relation to this particular software package.. tom
Current thread:
- Performance Copilot for IRIX 6.5, (continued)
- Performance Copilot for IRIX 6.5 Marcelo Magnasco (Apr 12)
- Microsoft Security Bulletin (MS00-024) Microsoft Product Security (Apr 12)
- Re: Back Door in Commercial Shopping Cart Luciano Ramos (Apr 13)
- [TL-Security-Announce] PAM and usermode TLSA2000009-1 Katie Moussouris (Apr 14)
- Re: Back Door in Commercial Shopping Cart Luciano Ramos (Apr 14)
- Re: Back Door in Commercial Shopping Cart [Stormer Hosting] Dan Kaminsky (Apr 14)
- New DOS on Interscan NT/3.32 Alain Thivillon (Apr 17)
- Re: Back Door in Commercial Shopping Cart [RESOLVED] Dan Kaminsky (Apr 17)
- Re: Back Door in Commercial Shopping Cart Pete Holsberg (Apr 13)
- Re: Back Door in Commercial Shopping Cart Anik (Apr 13)
- more problems with that POS dansie cart software! tombow (Apr 14)
- Re: more problems with that POS dansie cart software! Randy Janinda (Apr 14)
- nmh-1.0.4 released Dan Harkless (Apr 14)
- xfs Michal Zalewski (Apr 16)
- StarOffice 5.1 Michal Zalewski (Apr 16)
- XFree86 server overflow Michal Zalewski (Apr 16)
- XFree86 server overflow - exploit issues Michal Zalewski (Apr 16)
- Reappearance of an old IE security bug Ben Mesander (Apr 16)
- Re: Reappearance of an old IE security bug Vladimir Dubrovin (Apr 17)
- Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve Casper Dik (Apr 17)
- Re: XFree86 server overflow Olaf Kirch (Apr 17)