Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: e-commerce, shopping carts :: hack1242.htm

Alan Ward Acart Improper authentication checking
Improper authentication checking in Alan Ward Acart

Vulnerability:	Improper authentication checking for delete

Discussion:	Due to improper authentication checking a pop-up opened by any of the multiple XSS vulnerabilities by the admin of the site can cause a database compromise.

Exploit:	By using one of the multiple XSS vulnerabilities in this script, an attacker can cause the site administrator to open a new window and delete products or entire categories of products from the database.  The syntax is below: delete

Solution:	The developer needs to implement a new authentication mechanism for deletion of data.

Credit:	CyberArmy Application and Code Auditing Team


The developer was contacted regarding this matter, but never gave a reply.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH