[Tool/Web/Other] Shop Webpage [Socket/MySQL]

SlowARG
Little Clucker

Posts: 38
Threads: 4
Joined: Feb 2014
Reputation: 0

31.07.2017, 22:43

Hi there.
First, nice Webshop, i like this idea.

Second, i've seen that this shop is vulnerable to Web Parameter Tampering, we can tamper POST data (such as price of skins/vehicles) and we can get them for free. Another way is executing the JavaScript code directly.

So, the original request originates here:

Code:

<p><button type='button' class='btn btn-info' on‌Click='BuySkin(".$skins[$i][1].", ".$skins[$i][0].")'>Buy</button></p>

We can execute JavaScript directly:

Code:

BuySkin(240, 0);

Regards,
Nobody.

Find

« Next Oldest | Next Newest »

Messages In This Thread

Shop Webpage [Socket/MySQL] - by oMa37 - 30.07.2017, 11:14

Re: Shop Webpage [Socket/MySQL] - by blackgangs - 30.07.2017, 11:17

Re: Shop Webpage [Socket/MySQL] - by darkhunter332 - 30.07.2017, 12:03

Re: Shop Webpage [Socket/MySQL] - by oMa37 - 30.07.2017, 13:57

Re: Shop Webpage [Socket/MySQL] - by justice96 - 30.07.2017, 16:04

Re: Shop Webpage [Socket/MySQL] - by Younes44 - 30.07.2017, 16:14

Re: Shop Webpage [Socket/MySQL] - by oMa37 - 31.07.2017, 04:27

Respuesta: Shop Webpage [Socket/MySQL] - by SlowARG - 31.07.2017, 22:43

Re: Respuesta: Shop Webpage [Socket/MySQL] - by oMa37 - 01.08.2017, 09:39

Re: Shop Webpage [Socket/MySQL] - by Anadolu - 01.08.2017, 13:31

Re: Shop Webpage [Socket/MySQL] - by TheMaskedGamer - 07.08.2017, 13:22

Re: Shop Webpage [Socket/MySQL] - by Barnwell - 07.08.2017, 14:18

Re: Shop Webpage [Socket/MySQL] - by oMa37 - 13.08.2017, 01:09

Re: Shop Webpage [Socket/MySQL] - by azzerking - 22.08.2017, 22:45

Re: Shop Webpage [Socket/MySQL] - by Roozevelt - 22.08.2017, 23:02

Re: Shop Webpage [Socket/MySQL] - by Omirrow - 22.08.2017, 23:09

View a Printable Version

Forum Jump:

Users browsing this thread: 3 Guest(s)

Login
Username:
Password:	Lost Password?
	Remember me