
Security issues

Open pwntester opened this issue 7 years ago • 9 comments

Hi,

Is this a real project meant to be used in production e-Commerce sites? or just an educational project? If the former, please let me know where could I submit a security issue in your project.

Cheers, A

pwntester avatar Aug 09 '18 12:08 pwntester

Hi @pwntester, this project is for educational purposes; I don't recommend this project for production e-Commerce. Can I know what security issue you faced?

ikismail avatar Aug 09 '18 12:08 ikismail

Similar to the one reported to the Spring webflow demo app

In your case, the binder is not configured on any states, so there is nothing preventing an attacker from sending a cart.totalPrice=0 parameter to change the price of the cart, for example.

pwntester avatar Aug 09 '18 12:08 pwntester
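The comment above refers to Spring Web Flow's `<binder>` element. When a view-state declares no `<binder>`, Web Flow binds every request parameter whose name matches a property of the model, which is how a submitted cart.totalPrice can overwrite a server-computed value. Declaring a `<binder>` restricts binding to the properties listed. The following is an added illustration, not code from this project; the flow state id, view name, model name and property names are assumptions chosen for the example.

```xml
<!-- Added example (not from the project's flow definitions).
     State ids, view and model names, and property names are assumptions. -->

<!-- Weak: no <binder>, so every model property that matches a request
     parameter name is bound, including server-computed ones such as
     totalPrice. -->
<view-state id="reviewCartUnrestricted" view="cart/review" model="cart">
    <transition on="checkout" to="checkout" />
</view-state>

<!-- Hardened: an explicit <binder> limits binding to the fields the form
     is meant to edit. A submitted cart.totalPrice=0 matches no <binding>
     and is therefore ignored; totalPrice stays whatever the server set. -->
<view-state id="reviewCart" view="cart/review" model="cart">
    <binder>
        <!-- only these two properties can be set from request parameters -->
        <binding property="shippingMethod" required="true" />
        <binding property="couponCode" required="false" />
    </binder>
    <transition on="checkout" to="checkout" />
    <!-- bind="false" skips binding entirely on the cancel path -->
    <transition on="cancel" to="catalog" bind="false" validate="false" />
</view-state>
```

The same allow-list idea applies to plain Spring MVC controllers through `@InitBinder`, where `WebDataBinder.setAllowedFields(...)` plays the role of the `<binder>` element; either way, the safe default is to list what the form may change rather than to rely on every other property being harmless.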

Nice @pwntester , I will go through it and try to fix.

ikismail avatar Aug 09 '18 12:08 ikismail

Hi, I want the tables in your project. I can't find the tables in your project. How do I do it?

ChillBoss avatar Nov 22 '18 10:11 ChillBoss

@ChillBoss Refer -> #22

ikismail avatar Nov 23 '18 13:11 ikismail

Jan 24, 2019 10:32:29 AM org.springframework.web.servlet.PageNotFound noHandlerFound
WARNING: No mapping found for HTTP request with URI [/pages/j_spring_security_check] in DispatcherServlet with name 'dispatcher'

Please help me with that!

swapnil0 avatar Jan 24 '19 05:01 swapnil0

@swapnil0 were you able to resolve this? I am also facing the same issue.

iamrahulkohli avatar Mar 21 '19 03:03 iamrahulkohli

<!-- applicationContext.xml -->
<!-- form login handled by Spring Security; the login form must POST to
     /j_spring_security_check, which Spring Security processes itself rather
     than the DispatcherServlet -->
<security:form-login login-page="/login"
    login-processing-url="/j_spring_security_check"
    authentication-failure-url="/login?error" default-target-url="/index1" />
<security:logout logout-success-url="/login?logout" />
<!-- disables Spring Security's CSRF token check for all requests -->
<security:csrf disabled="true"/>

taminhluan avatar Mar 23 '19 17:03 taminhluan

Hi @pwntester, this project is for educational purposes; I don't recommend this project for production e-Commerce. Can I know what security issue you faced?

May I ask why don't you recommend this for production?

Abdul-Ghani-Firoze avatar Sep 11 '19 17:09 Abdul-Ghani-Firoze