I was invited to help the investigation into a WebSite that was getting lots of inexplicable data and apparently was underpricing sales.

As was suggested in many educational books, validation of 'Form Fields' was being carried out using JavaScript on the Client PCs and the 'Submit' button would not work until the Local Validation Checks were completed.
AND
to add insult to injury, the "Shopping Basket Balance" was carried backward and forward in 'Hidden Form Fields'.

When I asked the WebSite Builder why he had done these things, a book was produced that showed an example of a site doing these things - I almost cried !!

When the data was transmitted to the server, it was just plonked into Database Tables with no Server Side Validation !!!

We found that someone (well two different people - in different countries - with no connection to each other) had created a clone page on a different WebSite.

So easy to do - just "View Source" and "Save It" and bingo, you have got a cloned page !!

Strip the JavaScript validation out of the Clone - you can then put any invalid and illogical rubbish into the 'Form Fields'
AND
worst thing of all, you can put what you like in the "Shopping Basket Balance" field.
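
The server-side check this site lacked, as an added example that is not part of the original account: the handler re-validates every field and recomputes the basket total from the server's own price list, using the hidden balance only to flag tampering. The catalogue, field names and function names are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side price list; a real shop would read this from its database.
CATALOGUE = {"SKU-100": Decimal("19.99"), "SKU-200": Decimal("5.50")}
MAX_QTY = 99


class RejectedOrder(ValueError):
    """Raised when a submitted form fails server-side validation."""


def parse_quantity(raw):
    # Accept only plain ASCII digits; the browser's JavaScript checks prove nothing.
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit():
        raise RejectedOrder(f"quantity is not a whole number: {raw!r}")
    qty = int(raw)
    if not 1 <= qty <= MAX_QTY:
        raise RejectedOrder(f"quantity out of range: {qty}")
    return qty


def price_order(form):
    """Validate a submitted form (hypothetical layout) and return (total, tampered)."""
    items = form.get("items")
    if not isinstance(items, list) or not items:
        raise RejectedOrder("basket is empty or malformed")
    total = Decimal("0.00")
    for item in items:
        sku = item.get("sku") if isinstance(item, dict) else None
        if not isinstance(sku, str) or sku not in CATALOGUE:
            raise RejectedOrder(f"unknown product: {sku!r}")
        total += CATALOGUE[sku] * parse_quantity(item.get("qty"))
    # The hidden field is never used for pricing; it is only compared so that
    # a mismatch can be logged and investigated.
    try:
        claimed = Decimal(str(form.get("basket_balance")))
    except InvalidOperation:
        claimed = None
    return total, claimed != total


if __name__ == "__main__":
    # Constructed submission: two valid items, balance field altered by the sender.
    form = {"items": [{"sku": "SKU-100", "qty": "2"}, {"sku": "SKU-200", "qty": "1"}],
            "basket_balance": "0.01"}
    total, tampered = price_order(form)
    print(f"charge {total}; hidden balance mismatch: {tampered}")
```
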

We managed to trace and communicate with one of the Cloners - a middle aged housewife with time on her hands - and asked her WHY !! There were two parts to the answer:

There was no intent to Rob or Deceive !!

There are several lessons to be learned from this example: