[10346] in bugtraq


Re: Shopping Carts exposing CC data

daemon@ATHENA.MIT.EDU (hevnsnt)
Sat Apr 24 13:23:05 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <006a01be8e06$9cfb1080$77a9b0d1@hevnsnt>
Date: 	Fri, 23 Apr 1999 22:57:45 -0500
Reply-To: hevnsnt <hevnsnt@BIGFOOT.COM>
From: hevnsnt <hevnsnt@BIGFOOT.COM>
To: BUGTRAQ@NETSPACE.ORG

Sorry if already known, 1st post..

Even worse than this, check the Admin directory.. ugh.   Seems as though you
can configure the system without any type of password or authentication.
*sigh* x2

-hevn

----- Original Message -----
From: Joe <joe@GONZO.BLARG.NET>
To: <BUGTRAQ@netspace.org>
Sent: Friday, April 23, 1999 7:15 PM
Subject: Re: Shopping Carts exposing CC data


> On Fri, 23 Apr 1999, Bo Elkjaer wrote:
>
> > This is my first post to Bugtraq so please bear with me for any errs and/or
> > misconducts.
> >
> > I'd just like to point out, that Webcart is vulnerable too.
> >
> > Here goes:
> >
> >
> > Mountain Network Systems Inc. http://www.mountain-net.com
> > Platform: ?
> > Exposed Directories: /config, /orders (and others. They're all listed in
> > config-file)
> > Exposed Order Info: orders.txt
> > Exposed Config Info: mountain.cfg
> > Number of exposed installs: 18+ at a quick glance. Probably more.
> > PGP Option Available?: Unknown
> > Status: Commercial, ranging from $399 to $4650.
> >
> >
> > Bo Elkjaer, Denmark
> >
>
> Confirmed it, sent a heads-up to mountain-net.  Worse, look for
> "import.txt" and "checks.txt"  Import.txt includes every order ever made
> on the site in a tab-delimited format.
>
> *sigh*
>
> --
> Joe H.                                  Technical Support
> General Support:  support@blarg.net     Blarg! Online Services, Inc.
> Voice:  425/401-9821 or 888/66-BLARG    http://www.blarg.net
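
For site operators, a local check for the exposure discussed in this thread, as an added example that is not part of the original posts or of the vendor's software: it walks a web document root on disk and reports the file and directory names mentioned above when nothing restricts access to them. The function names, the lower-cased `admin` directory name and the use of an Apache-style `.htaccess` as the sign of access control are assumptions.

```python
import os
import tempfile

# File and directory names taken from the thread; extend for your own cart.
SENSITIVE_FILES = {"orders.txt", "import.txt", "checks.txt", "mountain.cfg"}
SENSITIVE_DIRS = {"config", "orders", "admin"}

def has_htaccess(docroot, directory):
    """True if directory or an ancestor up to docroot holds a .htaccess.
    Assumption: Apache-style per-directory control; presence only, the
    rules inside the file are not evaluated."""
    current, root = os.path.abspath(directory), os.path.abspath(docroot)
    while True:
        if os.path.isfile(os.path.join(current, ".htaccess")):
            return True
        parent = os.path.dirname(current)
        if current == root or parent == current:
            return False
        current = parent

def audit_docroot(docroot):
    """Return sorted (url_path, reason) pairs for files a browser could fetch."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        if has_htaccess(docroot, dirpath):
            continue  # some access control covers this directory
        rel_dir = os.path.relpath(dirpath, docroot)
        parts = {p.lower() for p in rel_dir.split(os.sep)}
        for name in files:
            if name.lower() in SENSITIVE_FILES:
                reason = "order/config data file under document root"
            elif parts & SENSITIVE_DIRS:
                reason = "file in sensitive directory with no access control"
            else:
                continue
            rel = os.path.normpath(os.path.join(rel_dir, name))
            findings.append(("/" + rel.replace(os.sep, "/"), reason))
    return sorted(findings)

def demo():
    """Build a constructed sample tree (not real data) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("orders/orders.txt", "config/mountain.cfg", "admin/setup.cgi",
                    "private/import.txt", "private/.htaccess", "index.html"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_docroot(root)
```

Anything reported is best moved outside the document root; an order file that has to stay web-reachable needs authentication in front of it.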
