[10340] in bugtraq
Re: Shopping Carts exposing CC data
daemon@ATHENA.MIT.EDU (Joe)
Fri Apr 23 21:45:30 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.3.96.990423171120.18751B-100000@gonzo.blarg.net>
Date: Fri, 23 Apr 1999 17:15:00 -0700
Reply-To: Joe <joe@GONZO.BLARG.NET>
From: Joe <joe@GONZO.BLARG.NET>
X-To: Bo Elkjaer <boo@DATASHOPPER.DK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <3720E2B6.6031A2E7@datashopper.dk>
On Fri, 23 Apr 1999, Bo Elkjaer wrote:
> This is my first post to Bugtraq so please bear with me for any errs and/or
> misconducts.
>
> I'd just like to point out, that Webcart is vulnerable too.
>
> Here goes:
>
>
> Mountain Network Systems Inc. http://www.mountain-net.com
> Platform: ?
> Exposed Directories: /config, /orders (and others. They're all listed in
> config-file)
> Exposed Order Info: orders.txt
> Exposed Config Info: mountain.cfg
> Number of exposed installs: 18+ at a quick glance. Probably more.
> PGP Option Available?: Unknown
> Status: Commercial, ranging from $399 to $4650.
>
>
> Bo Elkjaer, Denmark
>
Confirmed it, sent a heads-up to mountain-net. Worse, look for
"import.txt" and "checks.txt" Import.txt includes every order ever made
on the site in a tab-delimited format.
*sigh*
--
Joe H. Technical Support
General Support: support@blarg.net Blarg! Online Services, Inc.
Voice: 425/401-9821 or 888/66-BLARG http://www.blarg.net
