OSVDB ID: 13425

Title: Microsoft .NET orderdetails.aspx OrderID Parameter Arbitrary Order Access

Info

Disclosure

Mar 03, 2002

Discovery

Unknown

Dates

Exploit

Mar 03, 2002

Solution

Unknown

Description

ibuyspystore.com contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by a lack of authorization when viewing existing orders, which will disclose order information resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Available
OSVDB: Concern

Solution

Do not view and copy this code for any software projects.

Products

Vertigo Software

ibuyspystore.com

All Versions

References

CVE ID: 2002-0409 (see also: NVD)
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=101518860823788&w=2

Credit

Tom Gilder -

Direct URL: http://osvdb.org/36218