Geek Rant dot org » How to buy a 65â€ Plasma for $.99

Thu 2006-11-16

How to buy a 65â€ Plasma for $.99

Filed under:

Application

— josh @ 09:00

e-commerce sites utilizing hidden fields are susceptible to manipulation, such as selling a 65â€ Plasma for $.99. The way it works is the hidden field containing the price gets its value changed from many thousands of dollars to less than one, and the form is submitted to the server. The server blindly trusts the web client, and instead of actually using its own database-stored pricing (which is where the price no doubt came from originally) uses the price supplied by the client.

Hilarity ensues.

The author wants to call this process eShoplifting. I call it redistributing wealth (from the stupid to the clever).

One Response to “How to buy a 65â€ Plasma for $.99”

' or 1=1 go select * from dbo.sysobjects -- Says:
November 16th, 2006 at 10:20
I remember this one from a hacking session at MSDN user group. I believe the example used was Amazon, this was a few years ago.
The other technique was ye old sql injection!;)
John.

Leave a Reply

Contact:;
- tips at geekrant dot org
Contributors
- Andy
- Brian
- Daniel
- Glen
- Josh
- Tony
Geek humour
Geek news and reviews
- Dan's Data
- News.com
- NTK
- SlashDot
- The Register
Other geek blogs
Categories:
- Applications (111)
  - Application Service Providers (1)
  - CMS (36)
    - MamboServer (1)
    - Wordpress (30)
  - MS-Office (59)
    - Access (2)
    - Excel (10)
    - Frontpage (2)
    - Outlook (14)
    - Powerpoint (2)
    - Visio (2)
    - Word (11)
  - OpenOffice (2)
- Business (116)
  - Advertising (21)
  - Copyright (14)
  - eCommerce (12)
  - Legalese (10)
  - Marketing (14)
  - Media (8)
  - Money (11)
  - Outages (5)
  - Project planning (1)
  - Recruitment (11)
- Code (113)
  - Algorithms (4)
  - ASP (4)
  - C++ (8)
  - Databases (12)
    - MySQL (5)
    - Oracle (1)
    - SQL Server (1)
  - Dot Net (11)
  - Emdedded (4)
  - Flash (3)
  - Java (4)
  - Maths (4)
  - PHP (3)
  - VB (16)
  - Web pages (42)
    - DHTML (1)
    - HTML-CSS (10)
    - Javascript (7)
- Culture (233)
  - Blogs (25)
  - Books (9)
  - Censorship (4)
  - Chat (7)
  - Clothing (2)
  - Images (11)
  - Memes (14)
  - Microblogging (4)
  - Movies (10)
  - Music (28)
  - Nostalgia (55)
  - P2P (5)
  - Podcasting (9)
  - Social networking (6)
  - TV (38)
- Data (50)
  - Accuracy (9)
  - Archiving (5)
  - Compression (4)
  - Data loss (6)
  - Data theft (3)
  - Encryption (2)
  - Metadata (1)
  - XML (12)
- Future trends (32)
- Games (65)
  - Arcade (7)
  - Consoles (14)
  - Lego (6)
- Geek reference (1)
- General (95)
  - Muxed (18)
- Hardware (185)
  - Cameras (7)
  - Capacity (1)
  - Comms (9)
  - DIY Hardware (6)
  - Fixed disks (10)
  - Input devices (11)
  - iPod (55)
  - Mobile (14)
  - Monitors (9)
  - Multimedia (11)
  - PCs (10)
  - Portable disks (11)
  - Printers (2)
  - Video (5)
  - Virtualisation (6)
- Internet (267)
  - Domains (12)
  - Email (50)
    - Spam (35)
  - Google and Gmail (88)
  - Hosting (11)
  - IE (23)
  - ISPs (3)
  - Mozilla (47)
    - Extensions (6)
  - Opera (2)
  - RSS (8)
  - Safari (4)
  - Search engines (9)
  - Site design (28)
  - Usenet (1)
  - VOIP (3)
- Old articles (4)
- Organic machines (17)
  - Humans (16)
- Platforms (186)
  - Linux (13)
  - Mac (30)
    - Networking (2)
    - OS X (13)
  - Palm (1)
  - Phones (23)
  - Windows (135)
    - Windows Mobile (5)
- Regional (93)
  - Asia (3)
  - AU (73)
  - Europe (5)
  - North America (13)
  - NZ (1)
- SDLC (20)
  - Coding (2)
  - Deployment (3)
  - Design (7)
  - Planning (2)
  - Support (3)
  - Testing (4)
- Security (78)
  - Application (5)
  - Backdoors (1)
  - Hoaxes (10)
  - Network (2)
  - Physical (1)
  - Privacy (5)
  - Spyware (5)
  - Viruses (9)
  - Vulnerabilities (21)
- Site admin (11)
- Yahoo (1)
Search:
Archives:
November 2006

M T W T F S S

« Oct Dec »

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30
Feeds and other:
- Login

26 queries. 0.347 seconds. Powered by WordPress