Category:   Application (Commerce)  >   Yahoo! Store
Vendors:   Yahoo
Yahoo! Store Commerce System Lets Remote Users Modify Prices When Purchasing
SecurityTracker Alert ID:  1011403
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 23 2004
Impact:   Modification of system information
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes

Description:   Ben Efros reported a vulnerability in the Yahoo! Store shopping cart. A remote user can modify the price of merchandise being purchased.

During a shopping transaction, a remote user can edit the product page's HTML form (or the request it generates) and submit either an option the merchant never defined or a valid option whose embedded price has been altered. The commerce system computes the order total from the price carried in the submitted option text, which can be a positive or a negative value. Unless the merchant reviews each order before fulfillment, the item is sold at the attacker-chosen price.

The 'options' select item lists are intended to be used to define separately priced purchasing options, such as additional accessories, different sizes, extended warranties, and express shipping.

An example of a merchant-defined select list with a priced option (the surcharge is carried in the option text itself):

<SELECT NAME="Express Shipping">
<OPTION>Yes (+8.95)</OPTION>
</SELECT>

Because the price travels in the option text, a remote user can rewrite it to an arbitrary value before submitting the form, for example changing "Yes (+8.95)" to "Yes (-50.00)". If an item is purchased with a negative-priced option selected, the order total is reduced by that amount.

If a merchant does not use options, a remote user can still add an arbitrary option with an arbitrary price.
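The following is an added example, not Yahoo! Store code, showing the flaw described above next to a hardened version. It assumes (the advisory does not say how the server derives prices) that the vulnerable server parses the surcharge from the "(+8.95)" suffix of whatever option label the browser submits; the catalog, item id and request bodies are constructed for the example. The hardened version uses the submitted option group and label only as a lookup key into the merchant's catalog, so both the price-modified label and the injected option group are rejected.

```python
"""Vulnerable vs. hardened cart pricing for priced select-list options.

Added example, not Yahoo! Store code. Assumption: the vulnerable server derives
an option's surcharge by parsing the "(+8.95)" suffix of the submitted label.
"""
import re
from decimal import Decimal
from urllib.parse import parse_qs

# Constructed merchant catalog: base price plus option groups and their surcharges.
CATALOG = {
    "widget-100": {
        "price": Decimal("49.00"),
        "options": {
            "Express Shipping": {"No": Decimal("0"), "Yes (+8.95)": Decimal("8.95")},
            "Extended Warranty": {"None": Decimal("0"), "2 Year (+19.99)": Decimal("19.99")},
        },
    },
}

RESERVED = {"item", "qty"}  # form fields that are not option groups
PRICE_RE = re.compile(r"\(([+-]?\d+(?:\.\d{1,2})?)\)\s*$")


class InvalidOption(ValueError):
    """Raised by the hardened path when the client submits an option the merchant never defined."""


def parse_form(body):
    """Split a urlencoded POST body into (item_id, qty, {option group: selected label})."""
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    item_id = fields["item"]
    qty = int(fields.get("qty", "1"))
    options = {k: v for k, v in fields.items() if k not in RESERVED}
    return item_id, qty, options


def price_from_label(label):
    """Vulnerable helper: the surcharge is taken from the label text the client sent."""
    m = PRICE_RE.search(label)
    return Decimal(m.group(1)) if m else Decimal("0")


def vulnerable_total(body):
    """Trusts every option group and label in the request, so the client sets its own surcharge."""
    item_id, qty, options = parse_form(body)
    total = CATALOG[item_id]["price"]
    for label in options.values():
        total += price_from_label(label)
    return total * qty


def hardened_total(body):
    """Uses the submitted group/label only as a lookup key; every price comes from the catalog."""
    item_id, qty, options = parse_form(body)
    item = CATALOG[item_id]
    if qty < 1:
        raise InvalidOption("quantity must be positive")
    unknown = set(options) - set(item["options"])
    if unknown:
        raise InvalidOption(f"undefined option group(s): {sorted(unknown)}")
    total = item["price"]
    for group, label in options.items():
        surcharge = item["options"][group].get(label)
        if surcharge is None:
            raise InvalidOption(f"{group!r}: label {label!r} not defined by merchant")
        total += surcharge
    return total * qty


# Constructed request bodies: what the unmodified form sends, and two tampered variants.
LEGIT = "item=widget-100&qty=1&Express+Shipping=Yes+%28%2B8.95%29"
TAMPERED_PRICE = "item=widget-100&qty=1&Express+Shipping=Yes+%28-40.00%29"
INJECTED_OPTION = "item=widget-100&qty=1&Rebate=Apply+%28-49.00%29"

if __name__ == "__main__":
    for name, body in [("legit", LEGIT), ("tampered", TAMPERED_PRICE), ("injected", INJECTED_OPTION)]:
        print(f"{name:9} vulnerable total: {vulnerable_total(body)}", end="   ")
        try:
            print("hardened total:", hardened_total(body))
        except InvalidOption as exc:
            print("hardened: rejected ->", exc)
```

Run as a script and the vulnerable path prices the tampered order at 9.00 and the injected-option order at 0.00, while the hardened path accepts only the legitimate 57.95 and rejects the other two. The point of the fix is that nothing price-bearing is read from the request; the client can only choose among labels the merchant defined, and the merchant's stored surcharge is what gets added.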

The vendor was notified on August 15, 2004.

Impact:   A remote user can modify the price of items purchased when shopping.
Solution:   Yahoo! issued a fix on September 8, 2004 and notified affected merchants on the same date. Additional information is available at:

Vendor URL:
Cause:   Input validation error (the server trusts client-supplied option text, including the price embedded in it)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]
