[Full-Disclosure] Re: Yahoo! Store Security Advisory (Stuart Moore)
timoguin at gmail.com
Mon Sep 27 18:27:20 BST 2004
This "vulnerability" is also present in the free PayPal shopping cart
as well as the more advanced eMartCart that will work with PayPal. I
imagine other free shopping carts that have to have all the data
posted through an html form are susceptible to this as well.
IMO, it's not too much of a problem though. If the vendor is stupid
enough not to realize that the price doesn't seem right then they
shouldn't be selling to the public. Small price differences, however,
may be hard to recognize.
Full-Disclosure is hosted and sponsored by Secunia.