Message-ID: <200307051937.41658@gyrniff>
From: b240503 at gyrniff.dk (gyrniff)
Subject: [Vulnerability] : ProductCart database file can be downloaded remotely
URL:
http://www.earlyimpact.com/productcart/build_to_order/productcart/pcadmin/Orddetails.asp?id=239
Change the name Paul to Paul'
Microsoft OLE DB Provider for ODBC Drivers
error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in
query expression ''Paul'',lastName='Smith',customerCompany='Early Impact',
address='3226 Colorado Ave', city='Santa Monica', zip='90004',
stateCode='CA', CountryCode='US', phone='949 452 0062' WHERE idCustomer=115'.
/productcart/build_to_order/productcart/pcadmin/processOrder.asp, line 36
have a nice weekend ;-)
On Saturday 05 July 2003 22:07, Tri Huynh wrote:
> ProductCart database file can be downloaded remotely
> =================================================
>
> PROGRAM: ProductCart
> HOMEPAGE: http://www.earlyimpact.com/productcart/
> VULNERABLE VERSIONS: 1.0 to 2.0
> RISK: High
>
>
> DESCRIPTION
> =================================================
>
> ProductCart is an ASP shopping cart that combines sophisticated
> ecommerce features with time-saving store management tools and remarkable
> ease of use. It is widely used by many e-commerce sites.
>
> DETAILS
> =================================================
>
> In the default installation, the ProductCart database file is located at
> /productcart/database/EIPC.mdb, where it can be accessed easily
> by any remote attacker.
>
> Sample: http://victimhost/productcart/database/EIPC.mdb
>
> The database file includes the store administration password as well as
> customers' info (including credit card info).
>
>
> WORKAROUND
> =================================================
>
> Rename the database file, put it in a protected directory.
>
>
> CREDITS
> =================================================
>
> Discovered by Tri Huynh from Sentry Union
>
>
> DISCLAIMER
> =================================================
>
> The information within this paper may change without notice. Use of
> this information constitutes acceptance for use in an AS IS condition.
> There are NO warranties with regard to this information. In no event
> shall the author be liable for any damages whatsoever arising out of
> or in connection with the use or spread of this information. Any use
> of this information is at the user's own risk.
>
>
> FEEDBACK
> =================================================
>
> Please send suggestions, updates, and comments to: trihuynh@...up.com
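The error quoted in the reply shows the customer UPDATE being assembled by string concatenation, so the single quote in "Paul'" becomes part of the SQL text. As an added example (not code from ProductCart or from either poster), the following reproduces that failure against an in-memory SQLite stand-in for the Access file and shows the parameterized form that stores the same input as data; the table name `customers` and the use of SQLite in place of the Jet/ODBC driver are assumptions.

```python
import sqlite3

# Column values are taken from the error message quoted in the reply; the
# table name "customers" is an assumption, the page does not show the schema.
CUSTOMER = {
    "firstName": "Paul", "lastName": "Smith", "customerCompany": "Early Impact",
    "address": "3226 Colorado Ave", "city": "Santa Monica", "zip": "90004",
    "stateCode": "CA", "CountryCode": "US", "phone": "949 452 0062",
}
COLUMNS = list(CUSTOMER)


def make_db():
    """In-memory SQLite stand-in for EIPC.mdb, seeded with customer 115."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (idCustomer INTEGER PRIMARY KEY, "
                 + ", ".join(f"{c} TEXT" for c in COLUMNS) + ")")
    conn.execute("INSERT INTO customers VALUES (115, "
                 + ",".join("?" * len(COLUMNS)) + ")", [CUSTOMER[c] for c in COLUMNS])
    return conn


def update_concatenated(conn, cust_id, fields):
    """Builds the UPDATE by concatenating user input, as the quoted error
    implies processOrder.asp does. A quote in any field becomes SQL syntax."""
    assignments = ",".join(f"{c}='{fields[c]}'" for c in COLUMNS)
    conn.execute(f"UPDATE customers SET {assignments} WHERE idCustomer={cust_id}")
    conn.commit()


def update_parameterized(conn, cust_id, fields):
    """Same update with bound parameters: the value never reaches the SQL
    parser, so a quote is stored literally instead of breaking the statement."""
    assignments = ",".join(f"{c}=?" for c in COLUMNS)
    conn.execute(f"UPDATE customers SET {assignments} WHERE idCustomer=?",
                 [fields[c] for c in COLUMNS] + [cust_id])
    conn.commit()


def demo(name="Paul'"):
    """Returns (error from the concatenated UPDATE or None,
    firstName stored by the parameterized UPDATE)."""
    conn = make_db()
    fields = dict(CUSTOMER, firstName=name)
    try:
        update_concatenated(conn, 115, fields)
        err = None
    except sqlite3.OperationalError as exc:  # mirrors the ODBC syntax error
        err = str(exc)
    update_parameterized(conn, 115, fields)
    row = conn.execute("SELECT firstName FROM customers WHERE idCustomer=?", (115,)).fetchone()
    return err, row[0]
```

Running `demo()` returns a syntax error for the concatenated statement, exactly the failure mode the reply triggered, while the parameterized update leaves `Paul'` stored as an ordinary value.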