Fw: Another hole in Cart32

by "Buddy Harris" <bharris(at)stny.rr.com>

 Date:  Wed, 24 May 2000 08:55:09 -0400
 To:  "HWG Email List" <hwg-techniques(at)hwg.org>
If it's a Perl file (don't know about C++, etc.), the cgi may be taint
checked (i.e. program_pipe -t) which would prevent it from being executed
from a form on another server.

Buddy

> >While messing around with Cart32, I discovered the following
> >bug. (I must say that the existence of such bugs in eCarts
> >is well known, but as far as I know it was never discovered
> >in Cart32)
> >
> >Description:
> >-----------
> >When a user clicks on a product he's interested in, he sees
> >a form where he can add this product to his cart, the
> >problem is that the price of the product is passed to the
> >Cart32 system by a "hidden" HTML tag named Price.
> >A simple edit of this field will permit a malicious attacker
> >to buy products at the desired price (probably $0).
> >
>Another nice hole discovered by Bunny69
> >bunny_69_1(at)hotmail.com
> >
> Best wishes,
> Adrian Harris.
>
> http://www.gn.apc.org/design
>
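
The hidden Price field described in the quoted report can be made tamper-evident by having the server sign it when it renders the form and verify it on submission. This is an added example, not part of the original thread and not Cart32's code; the field names Item and Sig, the demo key, and the sample forms are assumptions constructed for illustration.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

# Constructed demo key (assumption); a real key lives only in server-side config.
SECRET_KEY = b"demo-key-not-for-production"


def sign_item(item: str, price: str, key: bytes = SECRET_KEY) -> str:
    """Tag the server emits beside the hidden Price field when it renders the form."""
    # Length-prefix the item code so ("A1", "2.00") and ("A", "12.00") sign differently.
    msg = f"{len(item)}:{item}|{price}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_add_to_cart(form: dict, key: bytes = SECRET_KEY) -> Decimal:
    """Return the price to charge, or raise ValueError if the form was altered."""
    try:
        item, price, tag = form["Item"], form["Price"], form["Sig"]
    except KeyError as missing:
        raise ValueError(f"missing field {missing}") from None
    expected = sign_item(item, price, key)
    # Constant-time comparison on bytes; a plain == would leak timing information.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        raise ValueError("Item/Price do not match the signature")
    try:
        value = Decimal(price)
    except InvalidOperation:
        raise ValueError("Price is not a decimal number") from None
    if not value.is_finite() or value < 0:
        raise ValueError("Price out of range")
    return value


if __name__ == "__main__":
    # Constructed sample submissions: one as rendered, one with Price edited to 0.
    genuine = {"Item": "TSHIRT-01", "Price": "19.95", "Sig": sign_item("TSHIRT-01", "19.95")}
    tampered = dict(genuine, Price="0.00")
    for name, form in (("genuine", genuine), ("tampered", tampered)):
        try:
            print(name, "-> charge", verify_add_to_cart(form))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

A valid signature only proves the pair was issued by the server at some point, so a form saved before a price change still verifies; looking the price up server-side by item code at checkout avoids that.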

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA