header-logo
Suggest Exploit
vendor:
Windows NT
by:
SecurityFocus
5
CVSS
MEDIUM
CyberOffice Shopping Cart Arbitrary Price Modification
20
CWE
Product Name: Windows NT
Affected Version From: CyberOffice Shopping Cart
Affected Version To: CyberOffice Shopping Cart
Patch Exists: YES
Related CWE: N/A
CPE: o:microsoft:windows_nt
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2001

CyberOffice Shopping Cart Arbitrary Price Modification

CyberOffice Shopping Cart is vulnerable to an arbitrary price modification attack. By downloading the order form locally and then resubmitting it to the target server containing the new values, unit item prices can be modified to any arbitrary value.

Mitigation:

Upgrade to the latest version of CyberOffice Shopping Cart.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1733/info

Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000.

The order form CyberOffice Shopping Cart utilizes can be easily modified by downloading the form locally and then resubmitting it to the target server containing the new values. Unit item prices can be modified to any arbitrary value. 

<input type="hidden" name="Item" value="Specified Value">

Navigation

Suggest Exploit

Services By CQR