Message-Id: <200907092235.n69MZwUB001143@www3.securityfocus.com>
Date: Thu, 9 Jul 2009 16:35:58 -0600
From: domingos.bruges@...ked.com
To: bugtraq@...urityfocus.com
Subject: Atlantic SimpleCaddy Shopping Cart Price Manipulation

SENKED-2009-0001 - Atlantic SimpleCaddy Shopping Cart Price Manipulation

senked security advisory
http://www.senked.com/

Date Published: 2009-07-01

Last Update: 2009-07-01

Advisory ID: SENKED-2009-0001

Bugtraq ID: none

CVE Name: none

Title: Atlanticintelligence SimpleCaddy Shopping Cart Price Manipulation

Class: Parameter Manipulation

Remotely Exploitable: Yes

Locally Exploitable: No

Advisory URL: http://www.senked.com/index.php/seguranca/advisories/58-advisory-senked-2009-0001

Vendors contacted: The vendor has been contacted; at the time of this advisory no patch had yet been produced.

Vulnerable Packages: All versions < 1.7

Credits:
This vulnerability was found and researched by Domingos Bruges from senked Security.

Product Overview:
SimpleCaddy aims to be a simple yet powerful shopping cart solution for Joomla. It uses standard content to show the products' details and a small plugin on that page to present the "Add to Cart" functionality.

Technical Description - Exploit / Concept Code:
The vulnerability is due to improper handling of user input parameters. A product catalog typically consists of a product code, a product description, pricing and other information. When a customer selects a product from the catalog, it is placed in the shopping cart. Weak integration between the product catalog and the shopping cart leads to security vulnerabilities.
This product lets a user manipulate the price while selecting the product quantity, which results in users buying products at reduced prices.

Vulnerability Exploitation:
Quantity validation is the issue in this case. Negative quantities are correctly rejected, but what happens if the customer enters a fractional quantity?
To exploit this vulnerability the user only has to enter a fractional quantity. If a user enters 0.3 as the quantity, the price is recalculated as (standard price) x (quantity), so the user buys the product for 30% of its original price.

Resolution:
A well-implemented shopping cart application interfaces with the back-end product database, so that parameters such as prices are derived from the database rather than from HTML form fields or any other user input passed back and forth. Validation must also be performed on the server side, never only on the client side, since anything done in the browser can be bypassed or manipulated by the user. For quantities, the cart should accept only positive whole numbers.
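The following is an added illustration of the exploitation and resolution sections above; it is example code written for this page, not SimpleCaddy's own code. It models the behaviour the advisory describes (negative quantities rejected, any other numeric string accepted and multiplied into the price) next to a hardened check that accepts only a whole number of units and takes the price from a server-side catalog. The product code "SC-001", its price, the per-line upper bound and the sample form inputs are all constructed for the example.

```python
"""Added example (not SimpleCaddy's code): a vulnerable cart quantity check
next to a hardened one, exercised on constructed form inputs."""
import re
from typing import Optional

# Constructed catalog: prices in cents, keyed by product code. The product
# "SC-001" and its price are assumptions made for this example only.
CATALOG = {"SC-001": 2000}  # 20.00 in the shop's currency

MAX_QTY_PER_LINE = 999  # assumed per-line limit, not taken from the product


def vulnerable_total(product_code: str, qty_field: str) -> Optional[int]:
    """Mirrors the behaviour the advisory describes: a negative quantity is
    rejected, but any other numeric string is accepted and multiplied in.
    Returns the line total in cents, or None when the input is rejected."""
    try:
        qty = float(qty_field)          # "0.3", "1e-2" and "0" all parse
    except ValueError:
        return None
    if qty < 0:                         # the only check the advisory says exists
        return None
    return round(CATALOG[product_code] * qty)   # "0.3" -> 30% of the price


def hardened_quantity(qty_field: str) -> Optional[int]:
    """Accept only a whole number of units between 1 and MAX_QTY_PER_LINE.
    An explicit ASCII-digit pattern is used instead of str.isdigit(), which
    also matches Unicode digits such as superscripts that int() rejects."""
    qty_field = qty_field.strip()
    if not re.fullmatch(r"[0-9]+", qty_field):
        return None                     # sign, separator, exponent, letters
    qty = int(qty_field)
    if qty < 1 or qty > MAX_QTY_PER_LINE:
        return None                     # "0" would otherwise price the line free
    return qty


def hardened_total(product_code: str, qty_field: str) -> Optional[int]:
    """The price comes from the server-side catalog; the client contributes
    only a product code and a quantity that must pass hardened_quantity()."""
    if product_code not in CATALOG:
        return None
    qty = hardened_quantity(qty_field)
    if qty is None:
        return None
    return CATALOG[product_code] * qty


if __name__ == "__main__":
    # Constructed form inputs an auditor would try against the quantity field.
    for raw in ["2", "0.3", "0", "-1", "1e-2", " 3 ", "3abc"]:
        print(f"{raw!r:8} vulnerable={vulnerable_total('SC-001', raw)!s:6} "
              f"hardened={hardened_total('SC-001', raw)}")
```

Run it directly to see the two implementations side by side: the vulnerable path prices "0.3" at 600 cents and "0" at nothing at all, while the hardened path returns None for every input that is not a whole number of units.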
