Element InstantShop add_2_basket.asp Price Modification
Remote / Network Access
Loss of Integrity
Element InstantShop contains a flaw that may allow a malicious user to modify price information. The issue is due to insufficient input validation in the "add_2_basket.asp" script. By changing the value of the hidden form parameter "price", a remote attacker may change and purchase a product at any price they want, resulting in a loss of integrity.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
In add_2_basket.asp, remove the 'request.form("Price")' and 'request.form("Weight")' reads and add a SELECT query that retrieves the price and weight from the product table for the given 'Product'. Calculate 'Total' and 'TotalWeight' from the values returned by the database, never from form input.
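The workaround above, written out as an added classic ASP (VBScript) illustration; this is not Element's code. The table and column names (Products, ProductID, Price, Weight), the Quantity form field and the Application("ConnString") connection string are assumptions.

```asp
<%
Option Explicit
' Added illustration of the workaround: price and weight are looked up
' server-side by product key; Request.Form("Price") and
' Request.Form("Weight") are never read. Table, column and connection
' string names are assumed.
Dim productId, qty, conn, cmd, rs, price, weight, total, totalWeight

If Not IsNumeric(Request.Form("Product")) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid product."
    Response.End
End If
productId = CLng(Request.Form("Product"))

qty = 1
If IsNumeric(Request.Form("Quantity")) Then qty = CLng(Request.Form("Quantity"))
If qty < 1 Then qty = 1

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")   ' assumed to hold the shop's connection string

' Parameterised lookup: the only client-controlled value is the product key.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "SELECT Price, Weight FROM Products WHERE ProductID = ?"
cmd.CommandType = 1   ' adCmdText
cmd.Parameters.Append cmd.CreateParameter("pid", 3, 1, , productId) ' adInteger, adParamInput

Set rs = cmd.Execute
If rs.EOF Then
    rs.Close : conn.Close
    Response.Status = "400 Bad Request"
    Response.Write "Unknown product."
    Response.End
End If

price  = CDbl(rs("Price"))
weight = CDbl(rs("Weight"))
rs.Close
conn.Close

' Totals are derived from the trusted database values only.
total       = price * qty
totalWeight = weight * qty

' ... add productId, qty, price, weight, total and totalWeight to the session basket ...
%>
```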