[10349] in bugtraq
Re: FW: Shopping Carts exposing CC data (fwd from Mountain-Net
daemon@ATHENA.MIT.EDU (William Devine II)
Sun Apr 25 13:58:16 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <199904241954.OAA02489@bluegate.com>
Date: Sat, 24 Apr 1999 14:54:40 -0500
Reply-To: William Devine II <wdevine@BLUEGATE.COM>
From: William Devine II <wdevine@BLUEGATE.COM>
To: BUGTRAQ@NETSPACE.ORG
Mountain Network Systems (www.mountain-net.com) makers of the
WebCart system is a customer of ours. I received email from him after
forwarding a copy of the messages on the bugtraq re: webcart.
This is a reply I received from him.
william
Forwarded message:
> From support@mountain-net.com Sat Apr 24 07:12:51 1999
> Date: Sat, 24 Apr 1999 07:11:41 -0500
> To: "William Devine, II" <william@crescentcon.com>
> X-UIDL: 924983340.009
> From: support@mountain-net.com
> Subject: Re: FW: Shopping Carts exposing CC data
>
> Hi William,
>
> Can you tell me where the signup is or just post this message.
>
> Good Day,
>
> We noticed your comment regarding one of our systems. Please be informed
> that we clearly state in the manuals how to secure your website when using
> the WebCart(r) system. If the website owner elects not to take these steps
> information will be exposed. This is not a reflection of the software but
> the level of protection the website/store owner wants to give their clients.
>
> In terms of professional conduct, if you find issues such as these you
> should contact the store owner and inform them of this. Not post their
> website to everyone in a mailist. You should also make sure you have all
> related information prior to making such a bold statement. You have clearly
> not read or had access to the manuals which describe in detail the steps to
> take to
> avoid this issue.
>
> Best Regards,
> Dan
>
> At 17:07 4/23/99 -0500, you wrote:
> >
> >
> >-----Original Message-----
> >From: Bugtraq List [mailto:BUGTRAQ@netspace.org] On Behalf Of Bo Elkjaer
> >Sent: Friday, April 23, 1999 4:15 PM
> >To: BUGTRAQ@netspace.org
> >Subject: Re: Shopping Carts exposing CC data
> >
> >
> >This is my first post to Bugtraq so please bear with me for any errs and/or
> >misconducts.
> >
> >I'd just like to point out, that Webcart is vulnerable too.
> >
> >Here goes:
> >
> >
> >Mountain Network Systems Inc. http://www.mountain-net.com
> >Platform: ?
> >Exposed Directories: /config, /orders (and others. They're all listed in
> >config-file)
> >Exposed Order Info: orders.txt
> >Exposed Config Info: mountain.cfg
> >Number of exposed installs: 18+ at a quick glance. Probably more.
> >PGP Option Available?: Unknown
> >Status: Commercial, ranging from $399 to $4650.
> >
> >
> >Bo Elkjaer, Denmark
> >
> >
> >
>
> ------------------------------------------------------
> Mountain Network Systems, Inc. (281) 373-1196
> P.O. Box 1362 Cypress, TX 77429
> "Your Internet Programming Source"
>
> http://www.mountain-net.com
> http://www.inet-domains.net
> http://www.webstores.net
>
> ------------------------------
> Sales: sales@mountain-net.com
> Support: support@mountain-net.com
> ------------------------------
>
> Specialist in Advanced Internet Systems . . . making your
> website work for you all day everyday.
>
> Economist estimate a $200 billion online market by the
> year 2000. Now is the time to transform your website
> into a profit center!
> ------------------------------------------------------
>
