Message-ID: <3F072754.2010308@snosoft.com>
From: dotslash at snosoft.com (KF)
Subject: [Vulnerability] : ProductCart database file can be downloaded remotely
Was that legit California data? I am sure that by making someone have a
nice weekend you just made multiple someones have a shitty month ahead
of them...
http://www.theregister.co.uk/content/55/31509.html
-KF
gyrniff wrote:
>URL:
>http://www.earlyimpact.com/productcart/build_to_order/productcart/pcadmin/Orddetails.asp?id=239
>Change the name Paul to Paul'
>
>Microsoft OLE DB Provider for ODBC Drivers
> error '80040e14'
>[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in
>query expression ''Paul'',lastName='Smith',customerCompany='Early Impact',
>address='3226 Colorado Ave', city='Santa Monica', zip='90004',
>stateCode='CA', CountryCode='US', phone='949 452 0062' WHERE idCustomer=115'.
>/productcart/build_to_order/productcart/pcadmin/processOrder.asp, line 36
>
>have a nice weekend ;-)
>
>On Saturday 05 July 2003 22:07, Tri Huynh wrote:
>
>
>>ProductCart database file can be downloaded remotely
>>=================================================
>>
>>PROGRAM: ProductCart
>>HOMEPAGE: http://www.earlyimpact.com/productcart/
>>VULNERABLE VERSIONS: 1.0 to 2.0
>>RISK: High
>>
>>
>>DESCRIPTION
>>=================================================
>>
>>ProductCart is an ASP shopping cart that combines sophisticated
>>ecommerce features with time-saving store management tools and remarkable
>>ease of use. It is widely used by many e-commerce sites.
>>
>>DETAILS
>>=================================================
>>
>>In the default installation, the ProductCart database file is located at
>>/productcart/database/EIPC.mdb, which can be accessed easily
>>by any remote attacker.
>>
>>Sample: http://victimhost/productcart/database/EIPC.mdb
>>
>>The database file includes the store administration password as well as
>>customers' info (including credit card info).
>>
>>
>>WORKAROUND
>>=================================================
>>
>>Rename the database file and put it in a protected directory.
>>
>>
>>CREDITS
>>=================================================
>>
>>Discovered by Tri Huynh from Sentry Union
>>
>>
>>DISCLAIMER
>>=================================================
>>
>>The information within this paper may change without notice. Use of
>>this information constitutes acceptance for use in an AS IS condition.
>>There are NO warranties with regard to this information. In no event
>>shall the author be liable for any damages whatsoever arising out of
>>or in connection with the use or spread of this information. Any use
>>of this information is at the user's own risk.
>>
>>
>>FEEDBACK
>>=================================================
>>
>>Please send suggestions, updates, and comments to: trihuynh@...up.com
>>
>>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
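The ODBC error gyrniff quotes above comes from a customer-update statement built by string concatenation, so a single quote in the name breaks the query. The following is an added example, not code from ProductCart or from anyone in this thread: it rebuilds that UPDATE over a constructed SQLite table (a stand-in for the Access/ODBC backend) and shows the concatenated form failing on the input `Paul'` while a parameterised form stores it as plain data. Table and column names are assumed from the quoted error text.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the ProductCart customer table (not the real schema)."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE customers (idCustomer INTEGER PRIMARY KEY, "
        "firstName TEXT, lastName TEXT)"
    )
    con.execute("INSERT INTO customers VALUES (115, 'Paul', 'Smith')")
    con.commit()
    return con


def update_vulnerable(con, id_customer, first, last):
    """String concatenation: the pattern behind the processOrder.asp error in the post.
    A quote in `first` ends the literal early and the rest becomes SQL syntax."""
    sql = ("UPDATE customers SET firstName='" + first + "',lastName='" + last
           + "' WHERE idCustomer=" + str(id_customer))
    try:
        con.execute(sql)
        con.commit()
        return "ok"
    except sqlite3.OperationalError as e:
        # Mirrors the "Syntax error (missing operator)" the Access driver returned.
        return "error: " + str(e)


def update_safe(con, id_customer, first, last):
    """Parameterised statement: the driver binds the values, so a quote is data only."""
    con.execute(
        "UPDATE customers SET firstName=?, lastName=? WHERE idCustomer=?",
        (first, last, id_customer),
    )
    con.commit()
    return "ok"


def first_name(con, id_customer):
    """Read back the stored first name for a customer id."""
    row = con.execute(
        "SELECT firstName FROM customers WHERE idCustomer=?", (id_customer,)
    ).fetchone()
    return row[0]


if __name__ == "__main__":
    db = make_db()
    print(update_vulnerable(db, 115, "Paul'", "Smith"))  # error: ...
    print(update_safe(db, 115, "Paul'", "Smith"), first_name(db, 115))  # ok Paul'
```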