Subject: Re: Another hole in Cart32
From: Justin King (JKing GFPGROUP.COM)
Date: Wed May 24 2000 - 15:35:42 CDT
It's not even that hard. Why make a long PHP script when one line of
JavaScript will do the same?
The makers of Cart32 should send an e-mail to all of their users warning
them that their installation is currently flawed, and stating that a new
release will be out shortly which implements real security. If they can't
take this step, they should be boycotted. If they state that their software
is secure, they should be sued for fraudulent advertising.
Enter the following into your location bar (modified to mesh with form of
course):
javascript:window.document.formname.itemprice.value="0.00";alert("Price now $0.00");
-----Original Message-----
From: CDI [mailto:cdi THEWEBMASTERS.NET]
Sent: Tuesday, May 23, 2000 5:05 PM
To: BUGTRAQ SECURITYFOCUS.COM
Subject: Re: Another hole in Cart32
[snip]
Here - let's pull the security blanket off of Cart32 and show them the
cold, hard, facts of life.
This also shows that Cart32.com doesn't take its own damn advice...
[snip]
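
Added example, not part of the original message and not Cart32 code: a server-side handler that takes the price from its own catalog, so a changed itemprice form field has no effect on the total and is only used to flag the request. The catalog, SKUs and the itemcode/quantity field names are constructed for illustration; only itemprice comes from the message above.

```javascript
// Added example: server-side repricing for a cart form post (Node.js, no dependencies).
// CATALOG, the SKUs and the field names other than itemprice are constructed.
'use strict';

// Authoritative prices live on the server, in integer cents to avoid float drift.
const CATALOG = new Map([
  ['SKU-1001', { name: 'Widget', cents: 1999 }],
  ['SKU-2002', { name: 'Gadget', cents: 4950 }],
]);

// Parse a client-supplied price string to cents; null if absent or malformed.
function clientCents(value) {
  if (typeof value !== 'string' || !/^\d{1,7}(\.\d{2})?$/.test(value)) return null;
  const [whole, frac = '00'] = value.split('.');
  return Number(whole) * 100 + Number(frac);
}

// Price one posted line item. The posted itemprice never feeds the total;
// it is only compared with the catalog so a mismatch can be logged.
function priceLineItem(form) {
  const item = CATALOG.get(form.itemcode);
  if (!item) return { ok: false, reason: 'unknown item' };

  const qty = Number(form.quantity);
  if (!Number.isInteger(qty) || qty < 1 || qty > 999) {
    return { ok: false, reason: 'bad quantity' };
  }

  const posted = clientCents(form.itemprice);
  const tampered = form.itemprice !== undefined && posted !== item.cents;
  return { ok: true, totalCents: item.cents * qty, tampered };
}

// Constructed sample posts: an unmodified one and one with the price field changed.
const honest = priceLineItem({ itemcode: 'SKU-1001', quantity: '2', itemprice: '19.99' });
const altered = priceLineItem({ itemcode: 'SKU-1001', quantity: '2', itemprice: '0.00' });
console.log(honest, altered);
```

Both posts are charged the same catalog total; the second is additionally marked tampered, which gives the shop a log signal instead of a lost sale.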