[15137] in bugtraq


Java Internet Shop Vulnerability

daemon@ATHENA.MIT.EDU (Viktor Christiansen - CEO & PRESID)
Thu Jun 1 02:36:22 2000

Mime-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="0-1267732633-959784720=:1414"
Message-Id:  <Pine.LNX.4.21.0005311649140.1414-200000@server1>
Date:         Wed, 31 May 2000 16:52:00 +0200
Reply-To: Viktor Christiansen - CEO & PRESIDENT SECURITY POINT <viktor@SECPOINT.COM>
From: Viktor Christiansen - CEO & PRESIDENT SECURITY POINT <viktor@SECPOINT.COM>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM


Hi there,
We have found a hole in Java Internet Shops from Zilron & Shopexpress,
which runs on 2500+ sites.

It worked here when we tested it, but still verify.
http://www.secpoint.com/advis.html



Viktor Christiansen
CEO & President
viktor@secpoint.com

Security Point
Fredericiagade 26
7100 Vejle
Denmark
Tlf.: +45 75826033

