| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AA95E41CCEDC1D468B4039CB853CA729017A68B4@zeus.icshq.com> Date: Wed Sep 14 21:05:41 2005 From: perrymonj at networkarmor.com (Josh perrymon) Subject: Exploiting an online store I was reading an article about an attacker that could have changed a price in an online shopping cart- Snip---- Next, Reshef performed a little number he calls ``electronic shoplifting'': He edited the site's online order form to reduce the price of a book from $22.95 to $2.95. Had he gone a few steps farther, Reshef actually could have purchased the book for the reduced price, adding a whole new spin to Priceline.com's ``name-your-own-price'' marketing campaign. Reshef's exploits didn't require any sophisticated software or particularly detailed knowledge of computer code. ``The only thing you need is an HTML editor that comes bundled with your Netscape or Internet Explorer browser,'' he said. ``There is no magic to this.'' What are laws on this?? What if the guy did make the transaction using his credit card? Since it is just a web transaction sending html from the client to the server what proof would they have? Joshua Perrymon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050914/4e35f45b/attachment.html
Powered by blists - more mailing lists