Bugtraq mailing list archives
QuickCommerce Vulnerability
From: zoran () UVINC COM (zoran () UVINC COM)
Date: Mon, 22 May 2000 15:59:30 -0500
A vulnerability exists in the entire QuickCommerce E-Commerce solutions package. For every item that you want your customer to buy, you are required to place the following code on your page...

<FORM METHOD=POST ACTION="https://secure.quickcommerce.net/gateway/transact.dll">
<INPUT TYPE=HIDDEN NAME="x_Version" VALUE="3.0">
<INPUT TYPE=HIDDEN NAME="x_Login" VALUE="???????">
<INPUT TYPE=HIDDEN NAME="x_Show_Form" VALUE="PAYMENT_FORM">
<INPUT TYPE=HIDDEN NAME="x_Amount" VALUE="3000.00">
<INPUT TYPE=HIDDEN NAME="x_Cust_ID" VALUE="??????">
<INPUT TYPE=HIDDEN NAME="x_Description" VALUE="EZ All for Bonds and S&P 500">
<INPUT TYPE=HIDDEN NAME="x_Invoice_Num" VALUE="29910">
<INPUT TYPE=SUBMIT FONT-SIZE="-2" VALUE="ONLY $3,000.00">
</FORM>

--------------------------------------------------------------------------

I took out the values for x_Login and x_Cust_ID for obvious reasons.

One could take this code from a page after viewing the source, and place it on a blank (or not) page on their own server. One could change the value for x_Amount to 0.00 or 0.01 and get free products. Of course, if you view the source, you would see that the x_Login and x_Cust_ID values are already there, so no need to go hunting for the person's login id and such.

I thought this was interesting, because QuickCommerce (www.ecx.com/qc) boasts that this is secure... "QuickCommerce is a complete secure transaction processing system." Just because it is a secure server does not make it so.

So in summary, one could take this code from a page using the QuickCommerce system, and purchase certain products for nothing, or for very low prices.

Erik Tayler
14x Network Security Inc.
http://www.14x.net
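The flaw the post describes is that the price travels in a hidden form field the customer controls, and the gateway charges whatever arrives. The example below, added here and not QuickCommerce's or the author's code, reuses the field names from the posted form and models the tampering step (saving the page, editing x_Amount, resubmitting) together with two server-side fixes: looking the price up from a merchant-side catalog keyed by login and invoice number, and having the merchant sign the price-bearing fields with a secret the browser never sees. The catalog, the shared secret, the "x_fp" field name and the fingerprint format are assumptions for illustration, not features of the real gateway.

```python
"""Price tampering via hidden form fields, and two server-side fixes.

Example code, not QuickCommerce's. The gateway logic, the merchant catalog,
the shared secret and the x_fp fingerprint field are all assumed here.
"""
import hashlib
import hmac
from decimal import Decimal
from urllib.parse import parse_qsl

# Hidden fields as they appear in the posted form (login and customer id
# redacted, as in the original message). Constructed sample input.
ORIGINAL_FORM = (
    "x_Version=3.0&x_Login=MERCHANT&x_Show_Form=PAYMENT_FORM"
    "&x_Amount=3000.00&x_Cust_ID=CUST"
    "&x_Description=EZ+All+for+Bonds+and+S%26P+500&x_Invoice_Num=29910"
)

# Constructed: what an attacker posts after saving the page and editing x_Amount.
TAMPERED_FORM = ORIGINAL_FORM.replace("x_Amount=3000.00", "x_Amount=0.01")

# Assumed: the merchant's own price list, keyed by (login, invoice number).
# This lives on the server side and is never sent to the browser.
CATALOG = {("MERCHANT", "29910"): Decimal("3000.00")}

# Assumed: a secret shared between merchant and gateway, never sent to the browser.
SHARED_SECRET = b"merchant-gateway-secret"


def parse_form(body):
    """Decode an application/x-www-form-urlencoded POST body into a dict."""
    return dict(parse_qsl(body, keep_blank_values=True))


def vulnerable_charge(body):
    """Gateway behaviour as described in the post: the amount charged is
    whatever the hidden field says, so an edited form buys the item for 0.01."""
    form = parse_form(body)
    return Decimal(form["x_Amount"])


def hardened_charge_catalog(body):
    """Fix 1: treat x_Amount as a display hint only. The authoritative price
    is looked up server-side by (login, invoice); a mismatch is rejected."""
    form = parse_form(body)
    expected = CATALOG.get((form["x_Login"], form["x_Invoice_Num"]))
    if expected is None:
        raise ValueError("unknown invoice for this login")
    if Decimal(form["x_Amount"]) != expected:
        raise ValueError("amount tampered: %s != %s" % (form["x_Amount"], expected))
    return expected


def fingerprint(login, invoice, amount):
    """Fix 2 (assumed scheme): HMAC over the price-bearing fields, keyed with
    a secret the browser never sees. The merchant computes it when rendering
    the page; the gateway recomputes it from the submitted fields."""
    msg = "^".join([login, invoice, amount]).encode()
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()


def add_fingerprint(body):
    """Merchant side: append x_fp to the form body before serving the page."""
    form = parse_form(body)
    fp = fingerprint(form["x_Login"], form["x_Invoice_Num"], form["x_Amount"])
    return body + "&x_fp=" + fp


def hardened_charge_hmac(body):
    """Gateway side: refuse any form whose fields no longer match x_fp.
    Editing x_Amount after the page was served invalidates the fingerprint."""
    form = parse_form(body)
    expected = fingerprint(form["x_Login"], form["x_Invoice_Num"], form["x_Amount"])
    if not hmac.compare_digest(form.get("x_fp", ""), expected):
        raise ValueError("fingerprint mismatch: fields altered after signing")
    return Decimal(form["x_Amount"])


def run_demo():
    """Run all three gateways against the original and tampered forms and
    report the outcome of each as a string (amount charged or 'rejected')."""
    def attempt(fn, body):
        try:
            return str(fn(body))
        except ValueError:
            return "rejected"

    signed = add_fingerprint(ORIGINAL_FORM)
    # Attacker edits the amount on a form that already carries a fingerprint.
    signed_tampered = signed.replace("x_Amount=3000.00", "x_Amount=0.01")
    return {
        "vulnerable_original": attempt(vulnerable_charge, ORIGINAL_FORM),
        "vulnerable_tampered": attempt(vulnerable_charge, TAMPERED_FORM),
        "catalog_original": attempt(hardened_charge_catalog, ORIGINAL_FORM),
        "catalog_tampered": attempt(hardened_charge_catalog, TAMPERED_FORM),
        "hmac_signed": attempt(hardened_charge_hmac, signed),
        "hmac_tampered": attempt(hardened_charge_hmac, signed_tampered),
        "hmac_unsigned": attempt(hardened_charge_hmac, ORIGINAL_FORM),
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print("%-20s %s" % (name, outcome))
```

The catalog lookup is the stronger fix, because it removes the browser from the pricing decision entirely; the fingerprint only guarantees that the fields the merchant signed were not changed in transit, so it still depends on the merchant's page having put the right price in the form.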