Element InstantShop (http://www.element.be) is vulnerable to price modification. A malicious user could modify the pricing information before submitting the order form.

DEMONSTRATION

The following is a sample of HTML from an InstantShop order form:
By saving the web page locally and then editing the "price" field, a malicious user could purchase products for much less than their market value, or for zero or negative values.

VENDOR RESPONSE

The vendor has been notified but no patch information has been released.
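
A server-side mitigation for the price-modification issue described above, as an added example that is not InstantShop code and not part of the original advisory: the order handler takes the price from its own catalogue and treats the posted "price" field only as a tampering signal to log. The catalogue contents, the SKUs and the `item` and `quantity` field names are assumptions.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalogue: the server's authoritative prices (hypothetical SKUs).
CATALOGUE = {"SKU-1001": Decimal("49.95"), "SKU-2002": Decimal("12.50")}
MAX_QUANTITY = 100  # assumed business limit


class OrderRejected(Exception):
    """Raised when a posted order cannot be priced safely."""


def price_order(form):
    """Price an order from posted form fields (a dict of strings).

    The client-supplied "price" never enters the total; it is only compared
    with the catalogue price so that tampering can be detected and logged.
    """
    sku = form.get("item", "")
    if sku not in CATALOGUE:
        raise OrderRejected("unknown item")

    try:
        quantity = int(form.get("quantity", ""))
    except ValueError:
        raise OrderRejected("quantity is not an integer")
    # A negative quantity would produce a negative total just as a negative
    # price would, so it is bounded on the server as well.
    if not 1 <= quantity <= MAX_QUANTITY:
        raise OrderRejected("quantity out of range")

    unit_price = CATALOGUE[sku]
    tampered = False
    if "price" in form:
        try:
            tampered = Decimal(form["price"]) != unit_price
        except InvalidOperation:
            tampered = True  # non-numeric price field: also worth logging

    return {
        "sku": sku,
        "quantity": quantity,
        "unit_price": unit_price,
        "total": unit_price * quantity,
        "tampered": tampered,
    }
```
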