orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote malicious users to view the orders of other users by modifying the OrderID parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft .net framework 1.0 |