Monoprice.com Cart Enumeration

27 Mar 2014 | Reported by Jason Khanlar | Type: packetstorm | Source: packetstormsecurity.com

Monoprice.com Cart Enumeration and Manipulation Vulnerability

Code
`As similarly stated at http://nmap.org/mailman/listinfo/fulldisclosure  
  
I would appreciate if Monoprice.com better secures its ecommerce site  
by fixing the following flaw rather than hiding it.  
  
With no cookies, visiting http://www.monoprice.com/Cart yields an  
empty cart with no cart id #.  
  
Adding an item to a cart immediately creates a cart id #, which is  
visible from http://www.monoprice.com/Cart  
  
Clearing cookies after doing that reveals a pattern in which cart id  
#s are generated sequentially.  
  
For example, if your cart id # is 11523351 then you may access your  
cart also by visiting http://www.monoprice.com/Cart?CartID=C11523351  
  
Note that doing so affects your access to that cart, overriding any  
alternative cart that you have established access to previously  
(cookies).  
  
Note that regardless of which user or IP address a cart was created  
from, access to the cart can occur from any environment, including  
from any IP address.  
  
Note that this access provides both read and write permissions such  
that any cart item may be removed, added or quantity modified.  
  
Considering the sequential nature of the cart id #s, it is fairly easy  
for anyone to establish access to any previous cart by merely  
subtracting 1 or more from their cart id to then access with  
http://www.monoprice.com/Cart?CartID=C########  
  
This allows for any user to alter the cart for any other user  
bypassing any security or other credentials.  
  
A simple quick remedy for this current level of exploitation would be  
for Monoprice to implement an additional hash or token to be used with  
the cart id # for accessing (read/write) a particular cart, such that  
the brute forceability of it is more complex/expensive.  
  
`
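The remedy proposed at the end of the post, sketched as an added example (not part of the original advisory and not Monoprice's code): the server binds each cart id to an HMAC token and refuses any read or write that presents the id alone. The function names, the key handling and the token format are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets
from typing import Optional

# Assumption: a per-deployment secret kept server-side (generated here so the
# example runs stand-alone; a real service would load it from a secrets store).
SERVER_KEY = secrets.token_bytes(32)

# The advisory shows the parameter shape CartID=C######## (digits after "C").
CART_PARAM = re.compile(r"C([0-9]{1,12})")


def issue_cart_token(cart_id: int, key: bytes = SERVER_KEY) -> str:
    """Return the token handed to the browser that created this cart."""
    msg = f"cart:{cart_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def authorize_cart_access(cart_param: str, token: Optional[str],
                          key: bytes = SERVER_KEY) -> Optional[int]:
    """Return the cart id if (CartID, token) is valid, else None.

    Applies to reads and writes alike; a bare CartID is never sufficient.
    """
    match = CART_PARAM.fullmatch(cart_param or "")
    if match is None or not token:
        return None
    cart_id = int(match.group(1))
    expected = issue_cart_token(cart_id, key)
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    if hmac.compare_digest(expected.encode(), token.encode()):
        return cart_id
    return None


if __name__ == "__main__":
    # Constructed sample: the cart id used as the example in the advisory.
    tok = issue_cart_token(11523351)
    print(authorize_cart_access("C11523351", tok))   # owner's request
    print(authorize_cart_access("C11523350", tok))   # neighbouring id, same token
    print(authorize_cart_access("C11523351", None))  # id alone
```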
