[Owasp-o2-platform] Couple more blog posts on JPetStore and additional Spring MVC Autobinding vulnerabilities

dinis cruz dinis.cruz at owasp.org
Wed Jul 13 09:25:09 EDT 2011

On the Spring MVC topic, I added a couple more blog posts and video to the
O2 developer blog:

supporting YouTube video

I also noticed that using the same autobinding vulnerability, it is possible
to change the quantity of the item being purchased to a *negative* value
which has interesting implications on the current purchase and more
importantly on the global (to JPetStore) 'item stock quantity' value.

I have not scripted this latest issue, but if you are looking at trying
these scripts, why don't you have a go at writing it?


Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2
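
A defensive example for the autobinding issue described in this message, added here and not taken from the post, the O2 scripts or JPetStore's code: it binds the same constructed parameters through Spring's `DataBinder` with and without an allow-list and a server-side quantity check. The `CartLine` bean, its fields and the parameter values are hypothetical; it assumes spring-beans and spring-context on the classpath.

```java
import org.springframework.beans.MutablePropertyValues;
import org.springframework.validation.BindingResult;
import org.springframework.validation.DataBinder;

public class CartLineBindingDemo {

    // Hypothetical form-backing bean; not JPetStore's actual class.
    public static class CartLine {
        private int quantity = 1;
        private double unitPrice = 18.50; // server-side value, never client-supplied
        public int getQuantity() { return quantity; }
        public void setQuantity(int quantity) { this.quantity = quantity; }
        public double getUnitPrice() { return unitPrice; }
        public void setUnitPrice(double unitPrice) { this.unitPrice = unitPrice; }
    }

    // Bind constructed request parameters the way Spring MVC binds a form post.
    static BindingResult bind(CartLine target, boolean hardened) {
        MutablePropertyValues params = new MutablePropertyValues();
        params.addPropertyValue("quantity", "-5");    // constructed sample input
        params.addPropertyValue("unitPrice", "0.01"); // field the form never exposes

        DataBinder binder = new DataBinder(target, "cartLine");
        if (hardened) {
            binder.setAllowedFields("quantity"); // allow-list: only what the form edits
        }
        binder.bind(params);

        BindingResult result = binder.getBindingResult();
        if (hardened && target.getQuantity() < 1) {
            // Business rule enforced server-side, before stock or totals are touched.
            result.rejectValue("quantity", "quantity.invalid", "Quantity must be at least 1");
        }
        return result;
    }

    public static void main(String[] args) {
        CartLine open = new CartLine();
        bind(open, false);
        System.out.println("default binder:  quantity=" + open.getQuantity()
                + " unitPrice=" + open.getUnitPrice());

        CartLine locked = new CartLine();
        BindingResult r = bind(locked, true);
        System.out.println("hardened binder: unitPrice=" + locked.getUnitPrice()
                + " suppressed=" + String.join(",", r.getSuppressedFields())
                + " quantityRejected=" + r.hasFieldErrors("quantity"));
    }
}
```

In a controller the same allow-list goes in an `@InitBinder` method via `WebDataBinder.setAllowedFields`, and the handler must refuse to update the cart or stock when the binding result carries errors.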