COMMAND

    Java Internet Shop

SYSTEMS AFFECTED

    - Shop Express (DANISH VERSION)
    - Zilron StoreCreator Version 3.0 and below (ENGLISH VERSION)

PROBLEM

    The following is based on a Security Point advisory.  They have found a
    vulnerability in a common internet Java shop: the bug enables the user
    to set the price of the merchandise himself/herself!  They have found
    two versions of the program that generates these Java shops, a Danish
    one and an English one.  The Danish one is named Shopexpress and the
    English one Zilron StoreCreator; this bug will affect about 2500++
    internet shops.

    This was tested with Internet Explorer 5.x and Netscape 4.x.  Point
    your browser to an affected site running either Shop Express or
    StoreCreator and go to the item you "want" to buy.  Before you press
    "add to basket" you can change the price of the product.

    In Internet Explorer select "VIEW SOURCE" and search for the string
    "returnpath".  It gives two numbers, which you insert at x1 and x2;
    at x3 you insert the name of the product, and at x4 whatever you want
    the price to be, e.g. 10.00 for $10:

        javascript:parent.ReturnPath(x1, x2);parent.AddRecord("x3",x4,1);

    Now take the line you just built, type it into the Internet Explorer
    address bar and press Enter.  Then click BUY item and you get to the
    ORDER page, which shows the new price.

    If the shop is, for example, a computer store selling a computer for
    $1000 and the price is changed to $899, and the same is done with lots
    of products, it becomes very complicated for the shop to sort it all
    out.  This is why the shop needs a database with a fixed price for
    every product.

SOLUTION

    Add merchandise to a "database" file, eg:

        item[0]=Hat
        price[0]=10
        item[1]=Computer
        price[1]=9999
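    As an added example (not code from the advisory or from either vendor),
    the Node.js function below shows the server-side check the solution
    implies: the price the client sends with AddRecord() is ignored, and
    every basket line is re-priced from the shop's own fixed price list.
    The catalogue and the submitted basket are constructed to mirror the
    "database" file above.

```javascript
// Added example, not from the advisory or either vendor: server-side
// re-pricing of an order. The browser can send any price it likes in
// AddRecord(); the shop must ignore it and look every item up in its
// own fixed price list, as the SOLUTION section suggests.

// Constructed catalogue mirroring the "database" file from the advisory.
const CATALOGUE = {
  Hat: 10.0,
  Computer: 9999.0,
};

// Re-price a submitted basket. Each entry is { name, price, qty } exactly
// as the client sent it. Returns the trusted total, the accepted lines
// priced from the catalogue, and a list of problems worth logging.
function repriceOrder(basket, catalogue = CATALOGUE) {
  const lines = [];
  const problems = [];
  for (const entry of basket) {
    const serverPrice = catalogue[entry.name];
    if (serverPrice === undefined) {
      problems.push({ name: entry.name, reason: 'unknown item' });
      continue;
    }
    if (!Number.isInteger(entry.qty) || entry.qty < 1) {
      problems.push({ name: entry.name, reason: 'invalid quantity' });
      continue;
    }
    // The client-sent price never feeds the total; a mismatch is only
    // recorded so a tampering attempt can be detected and reviewed.
    if (Number(entry.price) !== serverPrice) {
      problems.push({ name: entry.name, reason: 'price mismatch',
                      sent: entry.price, actual: serverPrice });
    }
    lines.push({ name: entry.name, unitPrice: serverPrice, qty: entry.qty });
  }
  const total = lines.reduce((sum, l) => sum + l.unitPrice * l.qty, 0);
  return { total, lines, problems };
}

// Constructed basket: the Computer line carries a tampered client price
// and "Yacht" is not in the catalogue at all.
const submitted = [
  { name: 'Hat', price: 10.0, qty: 2 },
  { name: 'Computer', price: 899.0, qty: 1 },
  { name: 'Yacht', price: 1.0, qty: 1 },
];

console.log(JSON.stringify(repriceOrder(submitted), null, 2));
```

    The order total comes out at 10019 (two hats plus the computer at its
    real price), and the problems list records the mismatch and the unknown
    item for the shop to review.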

    Both Shopexpress and Zilron are aware of this problem and should
    therefore have a fix out soon.