[Owasp-o2-platform] Couple more blog posts on JPetStore and additional Spring MVC Autobinding vulnerabilities
dinis.cruz at owasp.org
Wed Jul 13 09:25:09 EDT 2011
On the Spring MVC topic, I added a couple more blog posts and video to the
O2 developer blog:
supporting YouTube video
I also noticed that using the same autobinding vulnerability, it is possible
to change the quantity of the item being purchased to a *negative* value
which has interesting implications on the current purchase and more
importantly on the global (to JPetStore) 'item stock quantity' value.
I have not scripted this latest issue, but if you want to look at trying
these scripts, why don't you have a go at writing it?
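
A defensive counterpart to the negative-quantity issue described above, as an added example that is not part of the original post and is not O2 or JPetStore code: the binder is restricted to an allow-list of fields and the quantity is range-checked on the server. The class names, the `/cart/update` mapping, the view names and the limit of 100 are hypothetical; the Spring calls (`@InitBinder`, `WebDataBinder.setAllowedFields`, `setValidator`, `@Validated`) are the framework's own.

```java
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.validation.Errors;
import org.springframework.validation.Validator;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

// Hypothetical form object: holds only what the cart page is meant to edit,
// instead of binding the request straight onto a domain object graph.
class CartLineForm {
    private String itemId;
    private int quantity;
    public String getItemId() { return itemId; }
    public void setItemId(String itemId) { this.itemId = itemId; }
    public int getQuantity() { return quantity; }
    public void setQuantity(int quantity) { this.quantity = quantity; }
}

// Binding accepts any int, negatives included, so the range is enforced here.
class CartLineValidator implements Validator {
    static final int MAX_QUANTITY = 100; // assumed business limit
    public boolean supports(Class<?> clazz) { return CartLineForm.class.isAssignableFrom(clazz); }
    public void validate(Object target, Errors errors) {
        int q = ((CartLineForm) target).getQuantity();
        if (q < 1 || q > MAX_QUANTITY) {
            errors.rejectValue("quantity", "quantity.range", "Quantity must be between 1 and 100");
        }
    }
}

@Controller
class CartController {
    @InitBinder("cartLine")
    public void initBinder(WebDataBinder binder) {
        binder.setAllowedFields("itemId", "quantity"); // any other request parameter is not bound
        binder.setValidator(new CartLineValidator());
    }

    @RequestMapping(value = "/cart/update", method = RequestMethod.POST)
    public String update(@Validated @ModelAttribute("cartLine") CartLineForm form, BindingResult result) {
        if (result.hasErrors()) {
            return "cart/edit"; // rejected before cart totals or stock are touched
        }
        // A hypothetical cart service would be called here with the validated values.
        return "redirect:/cart";
    }
}
```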