Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.
shopping cart using JS
Posted by: cttnmth
Date: June 18, 2007 05:27PM

Have any of you seen this crazy sh*&? http://www.nopdesign.com/freecart/

To me this is the most incredibly stupid idea ever! (Well, one of them, for sure!)

Simply modify your cookie to change just about everything from price to quantity.

Regards,
cttnmth

Re: shopping cart using JS
Posted by: thornmaker
Date: June 21, 2007 01:17AM

Or simply order negative quantities. Also, XSS in just about every field.

Re: shopping cart using JS
Posted by: rsnake
Date: July 14, 2007 04:34PM

I audited that software for a client 3-4 years back. It is just as bad as it sounds. Avoid it.

- RSnake
Gotta love it. http://ha.ckers.org

Re: shopping cart using JS
Posted by: faz3d
Date: July 31, 2007 09:35AM

even XSS's in the cookies..
stupid f@*kers

http://null-byt3.co.uk

Re: shopping cart using JS
Posted by: rsnake
Date: December 10, 2007 09:20AM

hahah, yup!

- RSnake
Gotta love it. http://ha.ckers.org
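
Added example, not part of the thread and not the cart's own code: the server-side check that makes the cookie edits discussed above harmless, by rebuilding the order from an authoritative catalog, refusing out-of-range quantities, and encoding client-supplied fields before they are echoed. The cookie layout, `CATALOG`, `MAX_QTY` and all function names are assumptions made for illustration.

```javascript
// Added example; CATALOG, the cookie layout and all names are assumptions.
const CATALOG = new Map([ // authoritative server-side prices, in cents
  ["SKU-100", { name: "Widget", priceCents: 1999 }],
  ["SKU-200", { name: "Gadget", priceCents: 4950 }],
]);
const MAX_QTY = 100;

// Constructed sample cookie, "sku:name:price:qty" entries joined by "|":
// an edited price, a negative quantity, and markup in a field.
const SAMPLE_COOKIE =
  "SKU-100:Widget:0.01:2|SKU-200:Gadget:49.50:-3|<i>x</i>:Thing:1:1";

function parseCartCookie(raw) {
  return decodeURIComponent(raw).split("|").filter(Boolean).map((entry) => {
    const [sku, name, price, qty] = entry.split(":");
    return { sku, name, price, qty };
  });
}

// Encode anything client-supplied before it reaches HTML or a log viewer.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Rebuild the order from the catalog; client-sent name and price are ignored.
function validateCart(raw) {
  let items;
  try {
    items = parseCartCookie(raw);
  } catch (e) { // malformed percent-encoding throws URIError
    return { lines: [], rejected: ["malformed cookie"], totalCents: 0 };
  }
  const lines = [], rejected = [];
  let totalCents = 0;
  for (const item of items) {
    const product = CATALOG.get(item.sku);
    // Quantity must be a plain decimal integer in 1..MAX_QTY.
    const qty = /^[0-9]{1,3}$/.test(item.qty || "") ? Number(item.qty) : NaN;
    if (!product || !(qty >= 1 && qty <= MAX_QTY)) {
      rejected.push(escapeHtml(item.sku));
      continue;
    }
    totalCents += product.priceCents * qty;
    lines.push({ sku: item.sku, name: product.name, qty, priceCents: product.priceCents });
  }
  return { lines, rejected, totalCents };
}
```

Calling `validateCart(SAMPLE_COOKIE)` prices the first line from the catalog rather than from the cookie and rejects the other two entries.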
