CVE-2002-0409 Information

Description

orderdetails.aspx as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com allows remote attackers to view the orders of other users by modifying the OrderID parameter.

Reference

http://marc.info/?l=bugtraq&m=101518860823788&w=2