SmartWin CyberOffice Shopping Cart Vulnerability

Vulnerability ID 1106022 Vulnerability type Unknown
Published 2000-10-02 Updated 2005-10-12
CVE ID CVE-2000-0926 CNNVD-ID CNNVD-200012-099
Platform Windows CVSS score 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/20247
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200012-099
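|Vulnerability details
SmartWin CyberOffice Shopping Cart version 2 (also known as CyberShop) contains a vulnerability. A remote attacker can modify price information by changing the hidden form variable "Price".
|Exploit (EXP)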
source: http://www.securityfocus.com/bid/1733/info

Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000.

The order form CyberOffice Shopping Cart utilizes can be easily modified by downloading the form locally and then resubmitting it to the target server containing the new values. Unit item prices can be modified to any arbitrary value. 

<input type="hidden" name="Item" value="Specified Value">
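The root cause is that the server accepts the unit price from the submitted form. The following is an added example, not code from CyberOffice or from the advisory: it contrasts that pattern with a server-side price lookup that also flags a mismatching submission for logging. The catalogue contents, the `Qty` field name, the quantity limit and the function names are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side catalogue: the only trusted source of unit prices.
CATALOGUE = {"SKU-1001": Decimal("49.95"), "SKU-2002": Decimal("199.00")}

# Constructed form submissions: one as served, one with the hidden Price edited.
GENUINE = {"Item": "SKU-1001", "Qty": "2", "Price": "49.95"}
EDITED = {"Item": "SKU-1001", "Qty": "2", "Price": "0.01"}


def price_order_vulnerable(form):
    """Flawed pattern: the total is computed from the client-supplied Price."""
    return Decimal(form["Price"]) * int(form["Qty"])


def price_order_hardened(form):
    """Price the order from the catalogue; treat the submitted Price as untrusted.

    Returns (total, tampered). tampered is True when the submitted Price is
    missing, unparsable or differs from the catalogue, so the caller can log it.
    """
    item = form.get("Item")
    if item not in CATALOGUE:
        raise ValueError("unknown item")
    try:
        qty = int(form.get("Qty", ""))
    except ValueError:
        raise ValueError("invalid quantity")
    if not 1 <= qty <= 100:  # assumed business limit
        raise ValueError("quantity out of range")
    unit = CATALOGUE[item]
    try:
        tampered = Decimal(form.get("Price", "")) != unit
    except InvalidOperation:
        tampered = True
    return unit * qty, tampered


if __name__ == "__main__":
    print("vulnerable total:", price_order_vulnerable(EDITED))
    print("hardened result: ", price_order_hardened(EDITED))
```
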
|References

Source: BID
Name: 1733
Link: http://www.securityfocus.com/bid/1733
Source: WIN2KSEC
Name: 20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart
Link: http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0000.html
Source: XF
Name: cyberoffice-price-modification
Link: http://xforce.iss.net/static/5319.php
Source: BUGTRAQ
Name: 20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=97050627707128&w=2