COMMAND
Java Internet Shop
SYSTEMS AFFECTED
- Shop Express (DANISH VERSION)
- Zilron StoreCreator Version 3.0 and below (ENGLISH VERSION)
PROBLEM
Following is based on Security Point Advisory. They have found a
vulnerability in a common internet Java shop, this bug enables the
users to select the price of the merchandise by her/him self!
They have found two versions of the program that generates these
Java shops, a Danish one and an English one. The name of the
Danish one is Shopexpress, and the English is Zilron StoreCreator,
this bug will affect about 2500++ internet shops.
This was tested with Internet Explorer 5.x and Netscape 4.x.
Point your browser to an affected site running either Shop Express
or StoreCreator. Now go to the item you "want" to buy. Then
before you press the add to basket you can change the value of the
product.
In Internet Explorer select "VIEW SOURCE" and search for the
string "returnpath" it will tell two numbers which you insert at
x1, x2 and then at x3 you insert the name of the product. Whatever
you want the price to be you insert at x4 like 10.00 for 10$
javascript:parent.ReturnPath(x1, x2);parent.AddRecord("x3",x4,1);
now you take THIS line you just got and type that into your
internet explorer PATH and press enter. Then you click BUY item
and you get to the ORDER site where it says the new price.
This can then be exploited if the shop is a computer store and a
computer is $ 1000 and you fx make the price $ 899 and so on with
lotsa products then it means it will be VERY complicated for the
shop to sort it all out and there it needs a database with fixed
price on all product.
SOLUTION
Add merchandise to a "database" file, eg:
item[0]=Hat
price[0]=10
item[1]=Computer
price[1]=9999
Both Shopexpress and Zilron are aware of this problem and should
therefor have a fix out soon.