Re: Yahoo! Store Security Advisory (Stuart Moore)

["Tim O'Guin" <timoguin () gmail com>]

This "vulnerability" is also present in the free PayPal shopping cart
as well as the more advanced eMartCart that will work with PayPal.  I
imagine other free shopping carts that have to have all the data
posted through an html form are susceptible to this as well.

IMO, it's not too much of a problem though.  If the vendor is stupid
enough not to realize that the price doesn't seem right then they
shouldn't be selling to the public.  Small price differences, however,
may be hard to recognize.

/me shrugs.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html