e-commerce sites utilizing hidden fields are susceptible to manipulation, such as selling a 65†Plasma for $.99. The way it works is the hidden field containing the price gets its value changed from many thousands of dollars to less than one, and the form is submitted to the server. The server blindly trusts the web client, and instead of actually using its own database-stored pricing (which is where the price no doubt came from originally) uses the price supplied by the client.
The author wants to call this process eShoplifting. I call it redistributing wealth (from the stupid to the clever).
I remember this one from a hacking session at MSDN user group. I believe the example used was Amazon, this was a few years ago.
The other technique was ye old sql injection!;)
John.