[10374] in bugtraq
Web Store EC App Security Analysis
daemon@ATHENA.MIT.EDU (Fred Bower)
Wed Apr 28 15:54:49 1999
Message-Id: <19990427215753Z36811-25129+1757@brimstone.netspace.org>
Date: Tue, 27 Apr 1999 21:57:31 +0000
Reply-To: Fred Bower <fredb@CSE.OGI.EDU>
From: Fred Bower <fredb@CSE.OGI.EDU>
To: BUGTRAQ@NETSPACE.ORG
As a follow-on to the numerous reports of EC app security vulnerabilities, I thought that I would add my $.02. I did a (fairly) detailed analysis of WebStore (http://www.extropia.com/scripts/web_store.html) and have published my paper at http://www.cse.ogi.edu/~fredb/cse527paper.html for all to read. While WebStore has already been mentioned in a thread here, the detail given was limited. If you desire additional information, my report may be of interest. In addition to the unauthorized access to order information, I found potential denial of service or installation corruption issues that, while not as large a problem as publication of credit card numbers, are still significant problems in the product.
fred
Fred Bower
Standard Disclaimers Apply
fredb@cse.ogi.edu