Steps to reproduce (*)
Submit a POST request to Mage_Checkout_CartController estimatePostAction with arbitrary values for the form fields (in this case country_id). In this case an attacker was attempting injection attacks, and set an invalid country_id on their quote shipping address.
Expected result (*)
Quote shipping address should not allow invalid values to be set.
Actual result (*)
Shipping address will have invalid country id set.
Whenever a call is made to Mage_Directory_Model_Resource_Country loadByCode, an exception will be thrown (line 58).
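One way to reject such values before they are set on the quote shipping address, as an added example that is not the project's own code or the fix adopted for this issue. The helper `normalizeCountryId()` and the allow-list are hypothetical, the sample inputs are constructed, and the check assumes country ids are two-letter codes.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of the project): returns a normalized
 * two-letter country code, or null when the submitted value must be rejected.
 *
 * @param mixed    $raw     value taken from the request, e.g. the country_id field
 * @param string[] $allowed country codes the store accepts (assumed list)
 */
function normalizeCountryId($raw, array $allowed): ?string
{
    // PHP turns "country_id[]=x" into an array; only plain strings are valid.
    if (!is_string($raw)) {
        return null;
    }
    $code = strtoupper(trim($raw));
    // Shape check first: exactly two ASCII letters and nothing else.
    if (preg_match('/\A[A-Z]{2}\z/', $code) !== 1) {
        return null;
    }
    // Allow-list check: a well-formed code can still be one the store does not use.
    return in_array($code, $allowed, true) ? $code : null;
}

// Constructed sample inputs, including injection-style strings.
$allowed = ['US', 'DE', 'FR'];
$samples = ['us', ' DE ', 'XX', "US' OR '1'='1", '<script>', ['US'], ''];

foreach ($samples as $raw) {
    $result = normalizeCountryId($raw, $allowed);
    printf("%-22s => %s\n", json_encode($raw), $result ?? 'rejected');
}
```

A caller would apply this to the submitted country_id and skip the address update when the result is null, so the invalid value never reaches a later loadByCode call.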