• info
• discussion
• exploit
• solution
• references

Multiple Vendor Web Shopping Cart Hidden Form Field Vulnerability

Solution:
As this problem affects multiple products, check your vendors homepage for solution information.

In the ISS advisory the following products are listed as having been fixed:

@Retail (http://www.atretail.com)
Cart32 2.6 (http://www.cart32.com)
CartIt 3.0 (http://www.cartit.com)
Make-a-Store OrderPage (http://www.make-a-store.com)
SalesCart (http://www.salescart.com)
SmartCart (http://www.smartcart.com)
Shoptron 1.2 (http://www.shoptron.com)

Cart32 version3.0 is still vulnerable.