[ SOURCE: http://www.secureroot.com/security/advisories/9735745935.html ]

=====================================================================
Securax-SA-07                                      Security Advisory
belgian.networking.security                                    Dutch
=====================================================================
Topic:      Price modification in Element InstantShop
Announced:  2000-10-23
Updated:    2000-10-23
O/S:        Microsoft Windows NT 4 Server
Severity:   High - Price modification possible
vendor URL: www.element.be
cgi-bin:    /[bin-dir]/add_2_basket.asp
=====================================================================

THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE
AT THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN,
EXPRESS OR IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE
AUTHOR NOR THE PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY
DIRECT, INDIRECT OR CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY
FROM ANY USE OF, OR RELIANCE PLACED ON, THIS INFORMATION FOR ANY
PURPOSE.

I. Background

It is possible to modify the unit price of items, because the price is
submitted as a hidden field of the order form and the server accepts
whatever value it receives. By saving a copy of the order form locally
and modifying that value, it is possible to submit an order form with a
zero or even negative price.

II. Impact

Example:

  --> change this value to anything you like.

III. Recommendation

The vendor has been informed, but in the meanwhile we recommend using
non-realtime transactions (ie: manual authorisation). And watch out for
a BMW going over the counter for $10 :-)

IV. Credits

and for the e-shop hunting spree, for the HTML.

=====================================================================
For more information      info@securax.org
Website                   http://www.securax.org
Advisories/Text           http://www.securax.org/pers
---------------------------------------------------------------------
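The class of bug described above (a basket handler that reads the unit price from a hidden form field) is easiest to understand next to its fix. The following is an added example, not Element's add_2_basket.asp nor Securax's code: a toy Python basket handler in its vulnerable form, beside a hardened version that takes the price only from a server-side catalog, validates the quantity, and records any mismatch between a client-supplied price and the catalog price so that tampering attempts show up in an audit log. The catalog entries, product ids and form dictionaries are constructed for the demo.

```python
"""Added example (not the vendor's or the advisory author's code): why a
unit price submitted by the browser must never be trusted, and how a basket
handler should look instead. All products, prices and forms are constructed."""

from decimal import Decimal, InvalidOperation

# Constructed server-side catalog: the only authoritative source of prices.
CATALOG = {
    "bmw-z3": Decimal("39950.00"),
    "tshirt": Decimal("14.99"),
}


def add_to_basket_vulnerable(basket, form):
    """Mirrors the flaw in the advisory: the unit price is read from a hidden
    form field, so whatever the client posts is what gets charged."""
    product = form["product_id"]
    qty = int(form["quantity"])
    unit_price = Decimal(form["unit_price"])  # trusted straight from the client
    basket.append({"product": product, "qty": qty, "unit_price": unit_price})
    return sum(line["qty"] * line["unit_price"] for line in basket)


class RejectedOrder(ValueError):
    """Raised when a submitted basket line fails server-side validation."""


def add_to_basket_hardened(basket, form, audit_log):
    """Hardened handler: price comes from CATALOG, the quantity is validated,
    and a client-posted unit_price (e.g. from a legacy form) is only compared
    against the catalog and logged, never used for the total."""
    product = form.get("product_id")
    if product not in CATALOG:
        raise RejectedOrder("unknown product id")
    try:
        qty = int(form.get("quantity", ""))
    except ValueError:
        raise RejectedOrder("quantity is not an integer")
    if qty <= 0:
        raise RejectedOrder("quantity must be positive")

    unit_price = CATALOG[product]  # authoritative price

    # Detection: a posted price that differs from the catalog is a tampering
    # signal worth an audit entry for the fraud / SOC team.
    if "unit_price" in form:
        try:
            claimed = Decimal(form["unit_price"])
        except (InvalidOperation, ValueError):
            claimed = None
        if claimed != unit_price:
            audit_log.append(
                f"PRICE_MISMATCH product={product} "
                f"claimed={form['unit_price']!r} catalog={unit_price}"
            )

    basket.append({"product": product, "qty": qty, "unit_price": unit_price})
    return sum(line["qty"] * line["unit_price"] for line in basket)


def is_rejected(form):
    """Helper for callers/tests: True if the hardened handler refuses the form."""
    try:
        add_to_basket_hardened([], form, [])
    except RejectedOrder:
        return True
    return False


if __name__ == "__main__":
    tampered = {"product_id": "bmw-z3", "quantity": "1", "unit_price": "10.00"}
    print("vulnerable total:", add_to_basket_vulnerable([], dict(tampered)))
    log = []
    print("hardened total:  ", add_to_basket_hardened([], dict(tampered), log))
    print("audit log:       ", log)
```

The hardened handler keeps accepting a `unit_price` field only so that old forms do not break; the value never feeds the total, which is the property the advisory's recommendation (manual authorisation) is a stop-gap for until the vendor applies a fix of this kind.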