Huge Hole In Ecommerce Sites

by diglet
10 replies
Hi

Just been doing my daily surfing around and I came across a blog post that highlights a problem that anyone with an ecommerce store may not know about. I had a quick look at a few random sites and I found the problem arose quite often.

If you have an ecommerce store you need to check this post out to see if you have a problem and how you can fix it, you might be losing a lot of money without knowing about it:

Digital Agency 9xb Uncovers A Massive Internet Flaw Think Tank


Mark
#ecommerce #hole #huge #sites
  • mikengo
    Thanks for the share. Is it possible for buyers to get free stuff if they enter -1?

    Mike
  • diglet
    I tested it out on a few sites and depending on what you put in e.g. -1 or -45 or any random number, some sites just knock off the minus amount from the shopping cart.

    So if you had a shopping basket with $100 of items in and you changed the quantity to -45 it changes the shopping basket to $55 instead of $100 giving you an immediate 45% discount.

    Not sure how many store owners would spot this especially if they were doing a large number of orders.

    It seems that different shopping carts act differently but if you can edit the quantity box, many cause a negative amount to be taken off the price of the basket.

    Mark
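
Added example, not part of the thread and not code from any cart package named in it: the basket arithmetic described in the post above (a $100 basket dropping to $55 when a quantity of -45 is submitted), next to a server-side quantity check that rejects it. The catalogue, SKU names, the `MAX_QTY` limit and all function names are assumptions made for illustration.

```python
# Constructed catalogue: prices in cents, held server-side and never read from the form.
CATALOGUE = {"jacket": 10000, "sticker": 100}
MAX_QTY = 99  # assumed per-line limit


class InvalidQuantity(ValueError):
    """Raised when a submitted quantity is not an integer in 1..MAX_QTY."""


def naive_total(form):
    """Behaviour the thread describes: the quantity field is trusted as-is."""
    return sum(CATALOGUE[sku] * int(qty) for sku, qty in form.items())


def parse_quantity(raw):
    """Accept only plain ASCII decimal integers in 1..MAX_QTY."""
    text = str(raw).strip()
    # isdigit() is False for "-45", "1.5", "1e3" and "", so all are rejected here.
    if not text.isascii() or not text.isdigit():
        raise InvalidQuantity(f"not a positive integer: {raw!r}")
    qty = int(text)
    if not 1 <= qty <= MAX_QTY:
        raise InvalidQuantity(f"out of range: {qty}")
    return qty


def checked_total(form):
    """Recompute the basket on the server from validated quantities."""
    total = 0
    for sku, raw in form.items():
        if sku not in CATALOGUE:
            raise KeyError(f"unknown sku: {sku!r}")
        total += CATALOGUE[sku] * parse_quantity(raw)
    if total <= 0:  # defence in depth: never send an empty or negative basket to payment
        raise InvalidQuantity("empty or non-positive basket")
    return total


# Constructed form submissions: one edited in the browser, one honest.
TAMPERED = {"jacket": "1", "sticker": "-45"}
HONEST = {"jacket": "1", "sticker": "2"}

if __name__ == "__main__":
    print("naive total (cents):", naive_total(TAMPERED))
    try:
        checked_total(TAMPERED)
    except InvalidQuantity as exc:
        print("rejected:", exc)
    print("checked total (cents):", checked_total(HONEST))
```
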
  • globalpro
    Hi,

    You will run into this with any open source software. What's important to look for is ongoing development and active support, preferably a support forum. Since it's open source, you have people donating time free of charge.

    Kind of like WordPress.

    To not run into this problem, you need to invest in a paid solution that is widely used and highly recommended. Best way to start is to send a support request with 'pre-sale' questions and see how quick the response is.

    Thanks,

    John
    • badfun
      Originally Posted by globalpro

      You will run into this with any open source software.
      I just tested this with Zen Cart and OS Commerce and neither one has this flaw. They both empty your cart if you try a negative number. I also tested a few other sites (not sure what cart they are using) and none allowed a negative number.

      So which are the vulnerable systems?
      brent
  • Allan V
    Thanks for the heads up. I'm currently looking at different shopping carts and will now check them for this flaw!
  • diglet
    It is very surprising how many major sites out there actually have this problem. I have been on the internet pretty much since the beginning and never really thought to look at this on my ecommerce sites.
  • Steve Peters Benn
    This is a pretty poor attempt by the company who posted to get some attention I think. Sure, ten years ago this might have been big news, but most major systems will not have this flaw. It's a little like me talking about frames being a big issue - sure some sites have them, but the majority don't...
  • diglet
    I don't think this is specific to any particular cart program but more for ecommerce owners that have a bespoke system.

    Have a search on Google for any product and I am sure you will find a checkout that has this problem without much effort.
  • Steadyon
    Hi,

    This is not news at all.

    Most simple shopping carts can be manipulated by customers by sending an altered form.

    It doesn't mean the company has to honour the transaction if it has been manipulated.

    So what if someone put in -1?

    Big deal.

    What if they put in a false address, false email and even a stolen card?

    All just part of being in business and dealing with tossers who try to pull a fast one.

    It doesn't just happen on the internet.

    What I think is funny is that the guy on the site thinks he has discovered something as important as finding the Holy Grail or something.

    Anyway, thanks for sharing, but this is nothing to worry about. You just have to have systems in place or eyeball orders before they get sent out etc.

    For decent shopping carts this isn't even an issue, but it could be for the smaller guys. Just keep your wits about you.
  • Mukul Verma
    Does this issue occur with PayPal and Google Checkout?