Full Disclosure mailing list archives
Re: Yahoo! Store Security Advisory (Stuart Moore)
From: "Tim O'Guin" <timoguin () gmail com>
Date: Mon, 27 Sep 2004 12:27:20 -0500
This "vulnerability" is also present in the free PayPal shopping cart as well as the more advanced eMartCart that will work with PayPal. I imagine other free shopping carts that have to have all the data posted through an html form are susceptible to this as well. IMO, it's not too much of a problem though. If the vendor is stupid enough not to realize that the price doesn't seem right then they shouldn't be selling to the public. Small price differences, however, may be hard to recognize. /me shrugs. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Yahoo! Store Security Advisory (Stuart Moore) Tim O'Guin (Sep 27)