
ACIDRain: Concurrency-Related Attacks on Database-Backed Web Applications [pdf] - jbapple
http://www.bailis.org/papers/acidrain-sigmod2017.pdf
======
jbapple
On page 11, the paper discusses a bug report in which a vulnerability report
was responded to with "use your brain! its not hard to come up with a solution
that does not involve coding!". Here is that bug report:
[https://github.com/opencart/opencart/issues/4811](https://github.com/opencart/opencart/issues/4811)

~~~
elvinyung
Yeah, it's pretty well known that danielkerr (the maintainer of OpenCart) is
pretty toxic, and (imho) very questionable in terms of competence.

Some of the other things he has said:

* In response to an accusation of stripping license from copied open source code: "fuck off!" [1]

* In response to a support question about a session error: "are u stupied!" [2]

* some others [3][4][5]

[1] [https://web-beta.archive.org/web/20141018114521/https://gist.github.com/uppfinnarn/9956023](https://web-beta.archive.org/web/20141018114521/https://gist.github.com/uppfinnarn/9956023),
which is a copy of [https://web-beta.archive.org/web/20141018110346/https://github.com/opencart/opencart/issues/1286](https://web-beta.archive.org/web/20141018110346/https://github.com/opencart/opencart/issues/1286)

[2] [https://forum.opencart.com/viewtopic.php?t=49240#p237193](https://forum.opencart.com/viewtopic.php?t=49240#p237193)

[3] [http://www.websynn.com/2011/04/11/daniel-kerrs-opencart-security-holes-and-vulnerability/](http://www.websynn.com/2011/04/11/daniel-kerrs-opencart-security-holes-and-vulnerability/)

[4] [http://www.websynn.com/2012/01/10/opencart-update-daniel-kerr-is-at-it-again/](http://www.websynn.com/2012/01/10/opencart-update-daniel-kerr-is-at-it-again/)

[5] [http://www.techchattr.com/never-use-opencart#comment-1091055200](http://www.techchattr.com/never-use-opencart#comment-1091055200)

