Subject: Re: Another hole in Cart32
From: Clover Andrew (aclover@1VALUE.COM)
Date: Tue May 23 2000 - 13:30:55 CDT
- Next message: cassius@HUSHMAIL.COM: "Cayman 3220H DSL Router Software Update and New Bonus Attack"
- Previous message: Chris Adams: "Re: Problem with FrontPage on Cobalt RaQ2/RaQ3"
- Maybe in reply to: bunny_69_1@HOTMAIL.COM: "Another hole in Cart32"
- Next in thread: Justin King: "Re: Another hole in Cart32"
- Maybe reply: Clover Andrew: "Re: Another hole in Cart32"
sert sert <sert_is@HOTMAIL.COM> wrote:
> They seem to be relying on the client to properly use the security
> options available in the package.
The options they outline *do not* represent any level of security,
"properly" used or not. Anyone can get around the POST restriction
by simply creating a form themselves, and anyone can get around
the Referer check by connecting to the HTTP server either by hand
or using a non-web-browser tool and sending the Referer header
themselves.
Worse, the Referer check will break functionality on any browser
that does not support, or has been configured not to give (for
privacy reasons) referring page information.
A security policy that relies on trusting the user agent is no
security policy at all. With a shopping cart made entirely from
client-side JavaScript, such exploits are understandable. When
it's a server-side set of scripts, relying on trust is
inexcusable.
Michael Form <mike@SECTOR001.ORG> suggested:
> all Cart32 users should skim through the orders to see any
> noticeable price errors.
Indeed.
High-tech! E-commerce!! Let's go!!!
--
Andrew Clover
Technical Support
1VALUE.com AG
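The thread's two points, that a server-side cart must not trust anything the user agent sends and that existing orders should be checked for price errors, as an added example that is not part of the original post or of Cart32: the order total is recomputed from a server-held catalogue (a hypothetical `CATALOG` dictionary standing in for the shop's database), and stored orders whose charged amount disagrees with that recomputation are flagged.

```python
# Added example, not code from the thread or from Cart32. Every client-supplied
# value (SKU, quantity, and especially any "price" field) is treated as untrusted:
# prices come only from the server's catalogue, and recorded orders are audited.
from decimal import Decimal
from urllib.parse import parse_qs

# Hypothetical server-side catalogue; in a real shop this is the product database.
CATALOG = {
    "WIDGET-1": Decimal("19.99"),
    "GADGET-2": Decimal("149.00"),
}

def server_total(form_body):
    """Compute the order total from a submitted form body, ignoring any price
    field the client sent. Unknown SKUs and bad quantities are rejected."""
    fields = parse_qs(form_body, keep_blank_values=True)
    skus = fields.get("sku", [])
    qtys = fields.get("qty", [])
    if not skus or len(skus) != len(qtys):
        raise ValueError("malformed order")
    total = Decimal("0")
    for sku, qty in zip(skus, qtys):
        if sku not in CATALOG:
            raise ValueError(f"unknown sku {sku}")
        n = int(qty)
        if n < 1:
            raise ValueError(f"bad quantity {qty}")
        total += CATALOG[sku] * n
    return total

def audit_orders(orders):
    """Flag stored orders whose charged amount differs from the catalogue total,
    i.e. orders whose amount was taken from the client rather than the server."""
    flagged = []
    for order_id, form_body, charged in orders:
        expected = server_total(form_body)
        if Decimal(charged) != expected:
            flagged.append((order_id, Decimal(charged), expected))
    return flagged

# Constructed sample of stored orders: (id, raw POST body, amount actually charged).
SAMPLE_ORDERS = [
    ("1001", "sku=WIDGET-1&qty=2&price=19.99", "39.98"),
    ("1002", "sku=GADGET-2&qty=1&price=1.00", "1.00"),  # client-supplied price was trusted
    ("1003", "sku=WIDGET-1&qty=1&sku=GADGET-2&qty=1&price=168.99", "168.99"),
]

if __name__ == "__main__":
    for order_id, charged, expected in audit_orders(SAMPLE_ORDERS):
        print(f"order {order_id}: charged {charged}, catalogue total {expected}")
```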