[Bug]: Logic error when adding items to the cart  #262

@brusch

Expected behavior

There is a check over the amount of added items to the cart.

Actual behavior

Description

There is no check over the number of items that a user can add to the cart. Adding a huge number of items when updating the cart causes the server to fail, returning a 500 Internal Server Error.

Proof of Concept

The POST request below causes the server to fail (adding 900000000 items of the same product). After this POST request, users can't see the cart anymore (they will receive a 500 Internal Server Error).

POST /en/cart HTTP/1.1
Host: demo.pimcore.fun
Cookie: _pc_vis=120b166ae122a7b3; _pc_ses=1635515753969; PHPSESSID=9f6ea63a476c11cbf71a922ec72492d2; _pc_tss=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2MzU1MTU3MDEuNzA2MDIsInB0ZyI6eyJfbSI6MSwiX2MiOjE2MzU1MTU1OTcsIl91IjoxNjM1NTE1NzAxLCJ2aTpzcnUiOls3LDFdfSwiZXhwIjoxNjM1NTE3NTAxfQ.dveL3XuGf66wRk59wnA7yMrSuRWPFnEmHuJK4SXDWyY; _pc_tvs=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2MzU1MTU3MDEuNzA2MjYxLCJwdGciOnsiY21mOnNnIjp7Ijg2MCI6MSwiMTAwNyI6MX0sIl9jIjoxNjM1NTE1NTk3LCJfdSI6MTYzNTUxNTYyOSwidGciOltdfSwiZXhwIjoxNjY3MDUxNzAxfQ.SvwP5gneI2doHDVbtLL1A1TtgZYPc_lu6t3y1FNpi-M
Content-Length: 24
Cache-Control: max-age=0
Sec-Ch-Ua: "Google Chrome";v="95", "Chromium";v="95", ";Not A Brand";v="99"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: https://demo.pimcore.fun
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://demo.pimcore.fun/en/cart
Accept-Encoding: gzip, deflate
Accept-Language: it-IT,it;q=0.9
Connection: close

items%5B235%5D=900000000

Steps to reproduce

Just for reference: https://huntr.dev/bounties/f317fc47-3b61-43d3-919d-a9d1143d0187/ (needs to be closed there as well).
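An added example, not part of the original report and not Pimcore's code: a server-side bounds check for the `items[<productId>]=<quantity>` form field shown in the request above, rejecting the update before the cart is modified. The function name `validateCartItems` and both limits are hypothetical; the sample request bodies are constructed.

```php
<?php
declare(strict_types=1);

// Assumed business limits (hypothetical values, not taken from the Pimcore demo).
const MAX_QTY_PER_ITEM = 100;
const MAX_LINES_PER_REQUEST = 50;

/**
 * Validate the items[<productId>] => <quantity> map of a cart update.
 * Returns [clean, errors]; clean maps int product id => int quantity.
 */
function validateCartItems(mixed $items): array
{
    if (!is_array($items) || count($items) > MAX_LINES_PER_REQUEST) {
        return [[], ['items' => 'missing, malformed, or too many cart lines']];
    }
    $clean = [];
    $errors = [];
    foreach ($items as $id => $qty) {
        // Product ids must be positive integers; junk keys are rejected.
        $idInt = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($idInt === false) {
            $errors[(string) $id] = 'invalid product id';
            continue;
        }
        // FILTER_VALIDATE_INT rejects floats, exponent notation and overflow;
        // the range bounds the quantity before it is stored in the cart.
        // Nested arrays (items[235][]=1) are not scalar and fail outright.
        $qtyInt = is_scalar($qty)
            ? filter_var($qty, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => MAX_QTY_PER_ITEM]])
            : false;
        if ($qtyInt === false) {
            $errors[(string) $id] = 'quantity must be an integer between 0 and ' . MAX_QTY_PER_ITEM;
            continue;
        }
        $clean[$idInt] = $qtyInt;
    }
    return [$clean, $errors];
}

// Constructed sample bodies; the first is the form field from the report.
foreach (['items%5B235%5D=900000000', 'items%5B235%5D=3&items%5B236%5D=0', 'items%5B235%5D%5B%5D=1'] as $body) {
    parse_str($body, $form);
    [$clean, $errors] = validateCartItems($form['items'] ?? null);
    // A controller would answer 422 on errors and leave the stored cart untouched.
    echo $body, ' => ', $errors ? '422 ' . json_encode($errors) : '200 ' . json_encode($clean), PHP_EOL;
}
```

Treating a quantity of 0 as valid (for example, to remove a line) is an assumption here; tighten `min_range` to 1 if the application handles removal separately.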
