<div>On the Spring MVC topic, I added a couple more blog posts and video to the O2 developer blog:</div><div><ul><li><a href="http://o2platform.wordpress.com/2011/07/13/viewing-jpetstore-hsqldb-database-and-couple-more-autobinding-issues/">http://o2platform.wordpress.com/2011/07/13/viewing-jpetstore-hsqldb-database-and-couple-more-autobinding-issues/</a></li>
<li><a href="http://o2platform.wordpress.com/2011/07/13/writing-an-o2-ie-automation-script-for-jpetstore-account-creation/">http://o2platform.wordpress.com/2011/07/13/writing-an-o2-ie-automation-script-for-jpetstore-account-creation/</a> with supporting YouTube video <a href="http://www.youtube.com/watch?v=J4Ojqzb6qsw">http://www.youtube.com/watch?v=J4Ojqzb6qsw</a></li>
<li><a href="http://o2platform.wordpress.com/2011/07/13/injecting-firebuglite-and-jquery-into-a-ie-automation-page-jpetstore-example/">http://o2platform.wordpress.com/2011/07/13/injecting-firebuglite-and-jquery-into-a-ie-automation-page-jpetstore-example/</a></li>
<li><a href="http://o2platform.wordpress.com/2011/07/13/creating-an-api-for-jpetstore-browser-auto/">http://o2platform.wordpress.com/2011/07/13/creating-an-api-for-jpetstore-browser-auto/</a></li></ul></div>I also noticed that using the same autobinding vulnerability, it is possible to change the quantity of the item being purchased to a <b>negative </b>value which has interesting implications on the current purchase and more importantly on the global (to JPetStore) &#39;item stock quantity&#39; value.<div>
<br></div><div>I have not scripted this latest issue, but if you want looking at trying these scripts, why don&#39;t you have a go at writing it? </div><div><br></div><div>:)<br><div><br>Dinis Cruz<br><br>Blog: <a href="http://diniscruz.blogspot.com">http://diniscruz.blogspot.com</a><br>
Twitter: <a href="http://twitter.com/DinisCruz">http://twitter.com/DinisCruz</a><br>Web: <a href="http://www.owasp.org/index.php/O2">http://www.owasp.org/index.php/O2</a><br>
</div></div>