Lucene search
+L

spad01.txt

🗓️ 01 Jun 2000 00:00:00Reported by SecPointType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 30 Views

Java Internet Shop vulnerability allows users to manipulate product prices in affected stores.

Code
`  
Security Point   
[email protected]  
www.secpoint.com/advis.html  
  
  
Advisory #001  
Title: Java Internet Shop Vulnerability  
Date: 31-05-00  
  
  
Copyright (c) 2000 SECURITY POINT  
  
Contents:  
=========  
  
I Disclaimer  
II Introduction  
III Description  
IV Fix  
V Contact  
VI Vulnerable sites  
VII Job Offers  
VIII Greetings  
  
I - Disclaimer:  
===============  
  
This paper is for educational purpose only, Security Point will not be  
responsible for any damages whatsoever that have a connection with the  
information written in this paper. There are no warranties with regard   
to this information, any use of this information is at the user's own risk.  
  
  
  
II - Introduction:  
==================  
  
We have found a vulnerability in a common internet Java shop, this bug   
enables the users to select the price of the merchandise by her/him self!   
We have found two versions of the program that generates these Java shops, a   
Danish one and an English one. The name of the Danish one is Shopexpress, and   
the English is Zilron StoreCreator, this bug will affect about 2500++ internet   
shops.  
  
III - Description:  
==================  
  
Affected Software:  
  
Shop Express (DANISH VERSION)  
Zilron StoreCreator Version 3.0 and below (ENGLISH VERSION)  
  
Description of the bug  
  
This was tested with Internet Explorer 5.x and Netscape 4.x  
  
Point your browser to an affected site running either Shop Express or   
StoreCreator. Now go to the item you "want" to buy. Then before you press the   
add to basket you can change the value of the product !  
  
Source c0de  
In Internet Explorer select "VIEW SOURCE" and search for the string "returnpath"  
it will tell two numbers which you insert at x1, x2 and then at x3 you insert the   
name of the product. Whatever you want the price to be you insert at x4 like   
10.00 for 10 $.  
  
javascript:parent.ReturnPath(x1, x2);parent.AddRecord("x3",x4,1);  
  
now you take THIS line you just got and type that into your internet explorer   
PATH and press enter. Then you click BUY item and you get to the ORDER site   
where it says the new price.  
  
This can then be exploited if the shop is a computer store and a computer  
is $ 1000 and you fx make the price $ 899 and so on with lotsa products   
then it means it will be VERY complicated for the shop to sort it all out  
and there it needs a database with fixed price on all product :!  
  
  
Vict0r / Allan  
  
IV - Fix:  
=========  
  
add merchandise to a "database" file, eg:  
  
item[0]=Hat  
price[0]=10  
item[1]=Computer  
price[1]=9999  
  
Both Shopexpress and Zilron are aware of this problem and should therefor have  
a fix out soon.  
  
  
V - Contact:  
============  
  
If you have further questions regarding this bug, then you can contact us at   
www.secpoint.com/advisories  
[email protected]  
  
  
VI - Vulnerable sites:  
======================  
  
Here are the lists of sites running Shop Express and StoreCreator.  
We have not checked all the sites. So there will be no guarantee for all   
these sites to be vulnerable. But check your own site.  
  
StoreCreator Sites:  
http://www.zilron.com  
http://www.zilron.com/mall/morestores.html  
  
Shop Express Sites:  
http://www.shopexpress.dk/  
http://www.shopexpress.dk/referencer.htm  
  
  
VII - Job Offers:  
===============  
  
Security Point is seeking security enthusiasts with a vast experience  
in intrusion testing, firewall/IDS configuration and other  
security-related fields. For more information, please visit:  
  
http://www.secpoint.com/secjobs.html  
  
  
VIII - Greetings fly to:  
=======================  
: SecurityFocus.com, ADM, Obecian, Skodbums_hangout, w00w00, cybk0red the Greek whore, n0sser .   
  
  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation