shopping cart using JS

sla.ckers.org is
ha.ckers sla.cking

Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc....

Go to Topic: Previous•Next

Go to: Forum List•Message List•New Topic•Search•Log In

shopping cart using JS

Posted by: cttnmth

Date: June 18, 2007 05:27PM

Have any of you seen this crazy sh*&? http://www.nopdesign.com/freecart/

To me this is the most incredibly stupid idea ever!(Well,one of them,for sure!)

Simply modify your cookie to change just about everything from price to quantity.

Regards,
cttnmth

Options: Reply•Quote

Re: shopping cart using JS

Posted by: thornmaker

Date: June 21, 2007 01:17AM

or simply order negative quantities. also, xss in just about every field

Options: Reply•Quote

Re: shopping cart using JS

Posted by: rsnake

Date: July 14, 2007 04:34PM

I audited that software for a client 3-4 years back. It is just as bad as it sounds. Avoid it.

- RSnake
Gotta love it. http://ha.ckers.org

Options: Reply•Quote

Re: shopping cart using JS

Posted by: faz3d

Date: July 31, 2007 09:35AM

even XSS's in the cookies..
stupid f@*kers

http://null-byt3.co.uk

Options: Reply•Quote

Re: shopping cart using JS

Posted by: rsnake

Date: December 10, 2007 09:20AM

hahah, yup!

- RSnake
Gotta love it. http://ha.ckers.org

Options: Reply•Quote

Go to: Forum List•Message List•Search•Log In

Sorry, only registered users may post in this forum.

Click here to login