Really nice ecommerce javascript

[vincent]

Hey guys. I found what seems like a really good idea at http://simplecartjs.com/ . It’s a full featured eCommerce cart, but all it requires is a js file; no databases or anything are required. If you could take a second to read about how it works…

I was wondering, what kind of security vulnerabilities does something like this have? I think it’s very interesting because it’s REALLY simple, unlike the eCommerce plugins I use with WordPress.

[Mr KiTT3N]

Its not very secure…. I can go into firebug and give myself a discount….

Code:

simpleCart.taxRate = 0.07;

Tax rate varies as well…. out of state ect…. how do you detect/change that per customer?

there is many ways to exploit…..

[vincent]

I don’t know about the tax part… But, just because you can change a price in Firebug doesn’t mean you actually change the price that gets sent to Paypal…

Maybe have no tax but increase the prices by an average amount, or, it wouldn’t be that hard to set it up with the taxes of every state and you have them enter the shipping information and have the state selection be a select box and pull that state and cross it with the tax of that state.

[Mr KiTT3N]

if you are not doing any validation threw a server side script then this means i can modify and change anything i want that gets sent to paypal or google checkout…. its completely in the open

Code:

Most ECommerce Sites
Server > Client > Server > Checkout

This script
Server > Client //> Checkout

Understand html / css / javascript they are all client side languages…. my browser chooses how and what it is going to use it…

EDIT: Sales tax only applies to the state in where the seller and sale resides this is why amazon is a popular site….

[vincent]

Ah, I see. I was editing the price of the item once it was already in the cart, and the price still stayed the same. But I edited the price of an item and then clicked add to cart and it came out with my amount.

So I guess it’s pretty much useless.

[Author]

Posts