Element InstantShop add_2_basket.asp Price Modification

2000-10-24T00:00:00
ID OSVDB:6487
Type osvdb
Reporter Zoa_Chien(zoachien@securax.org)
Modified 2000-10-24T00:00:00

Description

Vulnerability Description

Element InstantShop contains a flaw that may allow a malicious user to modify price information. The issue is due to insufficient input validation in the "add_2_basket.asp" script. By changing the value of the hidden parameter "price", a remote attacker may change and purchase a product at any price they want, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):

In add_2_basket.asp, remove the 'request.form("Price")' and 'request.form("Weight")' calls and add a SELECT statement that reads the price and weight from the product table for the given 'Product'. Calculate 'Total' and 'TotalWeight' from the values returned by the database, never from the submitted form fields.
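The workaround above is shown here as an added example, written in Python rather than classic ASP and not taken from Element InstantShop; the product table layout, column names and the `Quantity` field are assumptions. The vulnerable handler reproduces the flawed pattern (price and weight read straight from hidden form fields), and the fixed handler implements the advisory's workaround: look the price and weight up by product identifier with a parameterized query and compute the totals server-side.

```python
"""Added example: server-side price lookup instead of trusting hidden form fields.

Not Element InstantShop code. The 'product' table, its columns and the
'Quantity' form field are assumptions made for this illustration.
"""
import sqlite3


def build_catalog():
    """Constructed in-memory product table standing in for the shop database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE product (id TEXT PRIMARY KEY, name TEXT, price REAL, weight REAL)"
    )
    conn.executemany(
        "INSERT INTO product VALUES (?, ?, ?, ?)",
        [("P100", "Widget", 19.99, 0.5), ("P200", "Gadget", 149.00, 2.0)],
    )
    conn.commit()
    return conn


def add_to_basket_vulnerable(form):
    """Flawed pattern from the advisory: Price and Weight come from the client.

    A hidden <input> is just another request parameter, so whatever the
    browser sends is what gets charged.
    """
    qty = int(form["Quantity"])
    price = float(form["Price"])      # attacker-controlled
    weight = float(form["Weight"])    # attacker-controlled
    return {
        "product": form["Product"],
        "qty": qty,
        "total": round(price * qty, 2),
        "total_weight": weight * qty,
    }


def add_to_basket_fixed(conn, form):
    """Advisory workaround: ignore submitted Price/Weight, look them up by Product.

    Raises ValueError for a bad quantity and LookupError for an unknown product,
    so the caller can reject the request instead of adding a bogus line item.
    """
    product_id = form.get("Product", "")
    try:
        qty = int(form.get("Quantity", "1"))
    except ValueError:
        raise ValueError("quantity is not an integer")
    if not 1 <= qty <= 999:
        raise ValueError("quantity out of range")

    # Parameterized query: the product id is bound, never concatenated into SQL.
    row = conn.execute(
        "SELECT price, weight FROM product WHERE id = ?", (product_id,)
    ).fetchone()
    if row is None:
        raise LookupError("unknown product")
    price, weight = row

    # Total and TotalWeight are derived only from database values.
    return {
        "product": product_id,
        "qty": qty,
        "total": round(price * qty, 2),
        "total_weight": weight * qty,
    }


if __name__ == "__main__":
    # Constructed request: client tampered with the hidden Price/Weight fields.
    tampered = {"Product": "P100", "Quantity": "2", "Price": "0.01", "Weight": "0"}
    db = build_catalog()
    print("vulnerable:", add_to_basket_vulnerable(tampered))
    print("fixed:     ", add_to_basket_fixed(db, tampered))
```

Running the block shows the vulnerable handler charging 0.02 for two Widgets while the fixed handler charges 39.98 and records the real shipping weight; the tampered hidden fields are simply never read.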

Short Description

Element InstantShop contains a flaw that may allow a malicious user to modify price information. The issue is due to insufficient input validation in the "add_2_basket.asp" script. By changing the value of the hidden parameter "price", a remote attacker may change and purchase a product at any price they want, resulting in a loss of integrity.

References:

Vendor URL: http://www.element.be/products/products.asp
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-10/0338.html
ISS X-Force ID: 5402
CVE: CVE-2000-1001
Bugtraq ID: 1836