Vulnerability? Able to change BTO price clientside

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Hi Brett,
Thank you for your comments. We agree and can assure you that we take security vulnerabilities and issues like this very seriously, and in fact had previously posted a patch for the same (or very similar) issue back under v4.1:

http://www.productcart.com/release-log.asp

However in terms of the current issue, it appears to be specific to IE10 only (at least in our tests) which is caching configuration pricing when the customer uses the browser's 'Back' button from the Shopping Cart Page (to go back to the Configuration Page). It would be very helpful to know if you are able to replicate this under other browsers as well?

At this time, we agree with your suggestion to remove the specifics of this vulnerability for security reasons and will contact you directly to verify the circumstances and post a full patch as soon as possible.

Sincerely,

Edited by earlyimp - 18-September-2013 at 1:42pm

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
ProductCart Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group ProductCart Team Joined: 01-October-2003 Status: Offline Points: 135	Post Options Post Reply Quote ProductCart Report Post Thanks(0) Quote Reply Topic: Vulnerability? Able to change BTO price clientside Posted: 18-September-2013 at 1:42pm
	Hi Brett, Thank you for your comments. We agree and can assure you that we take security vulnerabilities and issues like this very seriously, and in fact had previously posted a patch for the same (or very similar) issue back under v4.1: http://www.productcart.com/release-log.asp However in terms of the current issue, it appears to be specific to IE10 only (at least in our tests) which is caching configuration pricing when the customer uses the browser's 'Back' button from the Shopping Cart Page (to go back to the Configuration Page). It would be very helpful to know if you are able to replicate this under other browsers as well? At this time, we agree with your suggestion to remove the specifics of this vulnerability for security reasons and will contact you directly to verify the circumstances and post a full patch as soon as possible. Sincerely, Edited by earlyimp - 18-September-2013 at 1:42pm
	The ProductCart Team Home of ProductCart shopping cart software