ikismail / ShoppingCart

E-Commerce Website Using Java - Spring MVC in Maven - PROJECT IS NOT MAINTAINED
MIT License
360 stars 406 forks

Security issues #32

Open pwntester opened 5 years ago

pwntester commented 5 years ago

Hi,

Is this a real project meant to be used in production e-Commerce sites, or just an educational project? If the former, please let me know where I could submit a security issue in your project.

Cheers, A

ikismail commented 5 years ago

Hi @pwntester, this project is for educational purposes; I don't recommend this project for production e-Commerce. Can I know what security issue you faced?

pwntester commented 5 years ago

Similar to the one reported to the Spring webflow demo app

In your case, the binder is not configured on any states, so there is nothing preventing an attacker from sending a cart.totalPrice=0 parameter to change the price of the cart, for example.
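
To illustrate the fix pwntester is describing, here is an added Spring WebFlow flow fragment; it is not code from this repository, and the state ids, the `cart` model and its property names are assumptions. Without a `<binder>`, WebFlow binds every submitted request parameter that matches a model property; with one, only the listed properties are bound, so `totalPrice` can only be set by server-side code.

```xml
<!-- Added example, not from the ShoppingCart project. The state ids,
     the Cart class and its property names are assumptions. -->
<flow xmlns="http://www.springframework.org/schema/webflow"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/webflow
        http://www.springframework.org/schema/webflow/spring-webflow.xsd">

    <!-- Hypothetical flow-scoped model object -->
    <var name="cart" class="com.example.Cart"/>

    <!-- Weak: no <binder>, so on "submit" every request parameter that
         matches a Cart property is bound, cart.totalPrice=0 included. -->
    <view-state id="checkoutUnrestricted" model="cart">
        <transition on="submit" to="payment"/>
    </view-state>

    <!-- Hardened: a <binder> restricts binding to the listed properties.
         totalPrice is not listed, so a submitted value for it is ignored
         and the price stays whatever the server computed. -->
    <view-state id="checkout" model="cart">
        <binder>
            <binding property="shippingAddress" required="true"/>
            <binding property="couponCode"/>
        </binder>
        <transition on="submit" to="payment"/>
    </view-state>

    <end-state id="payment"/>
</flow>
```

Any server-side field that must not be client-controlled (prices, totals, roles, owner ids) should be left out of the binder in the same way.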

ikismail commented 5 years ago

Nice @pwntester , I will go through it and try to fix.

ChillBoss commented 5 years ago

Hi, I want the tables in your project. I can't find the tables in your project; how do I do it?

ikismail commented 5 years ago

@ChillBoss Refer -> #22

swapnil0 commented 5 years ago

```
Jan 24, 2019 10:32:29 AM org.springframework.web.servlet.PageNotFound noHandlerFound
WARNING: No mapping found for HTTP request with URI [/pages/j_spring_security_check] in DispatcherServlet with name 'dispatcher'
```

Please help me with that!!!

iamrahulkohli commented 5 years ago

@swapnil0 were you able to resolve this? I am also facing the same issue.

taminhluan commented 5 years ago

```xml
<!-- applicationContext.xml: form-login settings inside the <security:http> element -->
<security:form-login login-page="/login"
    login-processing-url="/j_spring_security_check"
    authentication-failure-url="/login?error"
    default-target-url="/index1" />
<security:logout logout-success-url="/login?logout" />
<!-- Turns off Spring Security's CSRF protection, so forms post without a _csrf token -->
<security:csrf disabled="true"/>
```
Abdul-Ghani-Firoze commented 4 years ago

> Hi @pwntester, this project is for educational purposes; I don't recommend this project for production e-Commerce. Can I know what security issue you faced?

May I ask why don't you recommend this for production?