Be careful what you put in your querystring

Today, someone posted the following querystring on IRC:

cart/addItem.php?PID=191N033&PName=Rokenbok+RC+Dozer+04271+**WEB+SPECIAL**+
Regular+$75.95&PPrice=64.95&Plinecode=0&Pdepartment=0&PClient=E-net&version=0.8

As you can see, the product's price is carried in the querystring, so anyone can easily change the price they have to pay ;-)
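To make the point concrete, here is an added example (not the shop's code, and written in Python rather than the PHP of the original addItem.php) of what the mistake looks like in a request handler, next to the fixed version. The product catalog, the prices and the tampered querystring below are all constructed for the demonstration; the only thing taken from the post is the shape of the querystring.

```python
"""Added example: an add-to-cart handler that trusts the client-supplied
PPrice (the mistake shown above) beside a fixed handler that only takes
the product ID from the client and looks the price up server-side.
Everything here (catalog, prices, URLs) is constructed for illustration."""
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs, urlsplit

# Constructed server-side catalog: the only trustworthy source of prices.
# Product IDs and prices are hypothetical.
CATALOG = {
    "191N033": {"name": "Rokenbok RC Dozer 04271", "price": Decimal("64.95")},
    "A100": {"name": "Example widget", "price": Decimal("10.00")},
}


def parse_query(url):
    """Return the query parameters of a URL as a dict of single values.

    Works for relative URLs such as 'cart/addItem.php?PID=...'.
    """
    query = urlsplit(url).query
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def add_item_vulnerable(params):
    """The mistake: whatever PPrice the client sends is what gets charged."""
    return {"pid": params["PID"], "price": Decimal(params["PPrice"])}


def add_item_fixed(params):
    """The fix: the client may choose *which* product, never *what it costs*.

    PPrice, PName and similar display fields are ignored even if present;
    the price is resolved from the catalog by product ID. Do the same lookup
    again at checkout, since a cart stored client-side can be edited too.
    """
    pid = params.get("PID", "")
    product = CATALOG.get(pid)
    if product is None:
        raise ValueError("unknown product id: %r" % pid)
    return {"pid": pid, "name": product["name"], "price": product["price"]}


def price_mismatch(params):
    """Detection helper for the transition period while the old links still
    carry PPrice: True when the client-supplied price disagrees with the
    catalog, so the request can be logged and reviewed. Unparseable or
    missing prices also count as a mismatch."""
    product = CATALOG.get(params.get("PID", ""))
    if product is None:
        return True
    try:
        claimed = Decimal(params.get("PPrice", ""))
    except InvalidOperation:
        return True
    return claimed != product["price"]


# Constructed request: same layout as the querystring in the post, but with
# PPrice changed to 0.01 by the client.
TAMPERED_URL = (
    "cart/addItem.php?PID=191N033&PName=Rokenbok+RC+Dozer+04271+**WEB+SPECIAL**+"
    "Regular+$75.95&PPrice=0.01&Plinecode=0&Pdepartment=0&PClient=E-net&version=0.8"
)

if __name__ == "__main__":
    params = parse_query(TAMPERED_URL)
    print("vulnerable handler charges:", add_item_vulnerable(params)["price"])
    print("fixed handler charges:     ", add_item_fixed(params)["price"])
    print("tampering detected:        ", price_mismatch(params))
```

The fixed handler deliberately accepts the whole querystring and just does not read the price from it, so existing links keep working while the server stops being lied to; the mismatch check is what you would log on the old endpoint to see how often the price was being edited before you remove the parameter altogether.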

Obviously, mistakes like this are still being made. I hope you do better.
