Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
sample shopcart application
Posted by: anurag
Date: January 26, 2007 10:15PM

I have hosted a sample shopcart application with a lot of vulnerabilities for educational and experimental purposes. You can check it out at http://www.attacklabs.com/shopcart/

Please feel free to post here whatever vulnerabilities you can exploit on this sample application

Cheers -

Anurag Agarwal
SEEC - Application Security Search Engine (http://www.myappsecurity.com)
http://www.attacklabs.com
blog - http://myappsecurity.blogspot.com

Options: ReplyQuote
Re: sample shopcart application
Posted by: Spikeman
Date: January 28, 2007 09:12PM

Well first of all, you don't filter XSS in any of the fields upon registration, as far as I'm aware. My username (and everything is) is "<script>alert('xss!')</script>".

Options: ReplyQuote
Re: sample shopcart application
Posted by: tx
Date: January 29, 2007 04:52PM

There seems to be a couple of syntax errors which get in the way of clicking a few buttons (at least in ie7)

Additionally (as a first pass), the Item prices and quantity are passed as post variables, and no verification is done to ensure that the data is correct (making me the proud owner of 10000 Womens Stretch Fitted Shirts for a grand total of -$395,000)

EDIT: There is also XSS in the prodName and catName fields when the user selects to buy an item.

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 01/29/2007 05:07PM by tx.

Options: ReplyQuote
Re: sample shopcart application
Posted by: anurag
Date: January 31, 2007 01:53AM

This application is developed as a vulnerable application. The idea is to show to what extent a vulnerable application can be exploited. I am working on a secure application (the same application with more security controls inbuilt) which we can use to compare how effective the security controls are in comparison. This is more for proof of concepts and educational purposes. If you are looking for a challenge then please wait till i deploy the secure application. I am not saying that will be full proof but at least it wont be as easy to hack as this one.

This application when developed was tested in IE6 and firefox 2.0. Sorry i forgot to mention that.

Cheers -

Anurag Agarwal
SEEC - Application Security Search Engine (http://www.myappsecurity.com)
http://www.attacklabs.com
blog - http://myappsecurity.blogspot.com

Options: ReplyQuote


Sorry, only registered users may post in this forum.