https://www.exploit-db.com/exploits/20247
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200012-099

SmartWinCyberOfficeShoppingCart2版本（也称为CyberShop）存在漏洞。远程攻击者通过改变隐藏的形式变量”Price”修改价格信息。

source: http://www.securityfocus.com/bid/1733/info

Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000.

The order form CyberOffice Shopping Cart utilizes can be easily modified by downloading the form locally and then resubmitting it to the target server containing the new values. Unit item prices can be modified to any arbitrary value. 

<input type="hidden" name="Item" value="Specified Value">

来源:BID
名称:1733
链接:http://www.securityfocus.com/bid/1733
来源:WIN2KSEC
名称:20001002DST2K0036:PricemodificationpossibleinCyberOfficeShoppingCart
链接:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0000.html
来源:XF
名称:cyberoffice-price-modification
链接:http://xforce.iss.net/static/5319.php
来源:BUGTRAQ
名称:20001002DST2K0036:PricemodificationpossibleinCyberOfficeShoppingCart
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=97050627707128&w;=2