Open Source and information security mailing list archives
 
From: se_cur_ity at hotmail.com (morning_wood)
Subject: [Vulnerability] : ProductCart database file can be downloaded remotely

vuln to XSS too..

http://www.earlyimpact.com/productcart/build_to_order/productcart/pcadmin/manageCategories.asp

----- Original Message ----- 
From: "gyrniff" <b240503@...niff.dk>
To: <full-disclosure@...ts.netsys.com>
Sent: Saturday, July 05, 2003 10:37 AM
Subject: Re: [Full-Disclosure] [Vulnerability] : ProductCart database file can be downloaded remotely


> URL:
>
http://www.earlyimpact.com/productcart/build_to_order/productcart/pcadmin/Orddetails.asp?id=239
> Change the name Paul to Paul'
>
> Microsoft OLE DB Provider for ODBC Drivers
>  error '80040e14'
> [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in
> query expression ''Paul'',lastName='Smith',customerCompany='Early Impact',
> address='3226 Colorado Ave', city='Santa Monica', zip='90004',
> stateCode='CA', CountryCode='US', phone='949 452 0062' WHERE
> idCustomer=115'.
> /productcart/build_to_order/productcart/pcadmin/processOrder.asp, line 36
>
> have a nice weekend ;-)
>
> On Saturday 05 July 2003 22:07, Tri Huynh wrote:
> > ProductCart database file can be downloaded remotely
> > =================================================
> >
> > PROGRAM: ProductCart
> > HOMEPAGE: http://www.earlyimpact.com/productcart/
> > VULNERABLE VERSIONS: 1.0 to 2.0
> > RISK: High
> >
> >
> > DESCRIPTION
> > =================================================
> >
> > ProductCart is an ASP shopping cart that combines sophisticated
> > ecommerce features with time-saving store management tools and remarkable
> > ease of use. It is widely used by many e-commerce sites.
> >
> > DETAILS
> > =================================================
> >
> > In the default installation, the ProductCart database file is located at
> > /productcart/database/EIPC.mdb, which can be accessed easily
> > by any remote attacker.
> >
> > Sample: http://victimhost/productcart/database/EIPC.mdb
> >
> > The database file includes the store administration password as well as
> > customers' info (including credit card info).
> >
> >
> >  WORKAROUND
> > =================================================
> >
> > Rename the database file, put it in a protected directory.
> >
> >
> > CREDITS
> > =================================================
> >
> > Discovered by Tri Huynh from Sentry Union
> >
> >
> > DISCLAIMER
> > =================================================
> >
> > The information within this paper may change without notice. Use of
> > this information constitutes acceptance for use in an AS IS condition.
> > There are NO warranties with regard to this information. In no event
> > shall the author be liable for any damages whatsoever arising out of
> > or in connection with the use or spread of this information. Any use
> > of this information is at the user's own risk.
> >
> >
> > FEEDBACK
> > =================================================
> >
> > Please send suggestions, updates, and comments to: trihuynh@...up.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
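The Access error gyrniff quotes above shows processOrder.asp pasting form fields straight into an UPDATE statement. The following is an added example, not code from the thread or from ProductCart: it rebuilds that concatenation pattern over a constructed SQLite table (a stand-in for the Jet database, since SQLite is what runs offline), reproduces the syntax error the trailing apostrophe causes, then goes one step further than the thread by showing a crafted first name that rewrites every customer row, and contrasts both with a parameterized update. Table name, columns and row data are assumptions.

```python
import sqlite3

# Constructed stand-in for ProductCart's customer table (assumed schema).
SEED = [(115, "Paul", "Smith"), (116, "Ann", "Lee")]


def fresh_db() -> sqlite3.Connection:
    """Return an in-memory SQLite database seeded with two customers."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE customers (idCustomer INTEGER PRIMARY KEY,"
        " firstName TEXT, lastName TEXT)"
    )
    con.executemany("INSERT INTO customers VALUES (?, ?, ?)", SEED)
    con.commit()
    return con


def update_customer_vulnerable(con, id_customer, first_name, last_name):
    # Builds the statement the way the quoted error message implies
    # processOrder.asp does: request fields concatenated into SQL text.
    sql = (
        "UPDATE customers SET firstName='" + first_name
        + "',lastName='" + last_name
        + "' WHERE idCustomer=" + str(id_customer)
    )
    con.execute(sql)
    con.commit()


def update_customer_safe(con, id_customer, first_name, last_name):
    # Same update with bound parameters: the driver keeps the data out of
    # the SQL grammar, so quotes in a name are just characters in a value.
    con.execute(
        "UPDATE customers SET firstName=?, lastName=? WHERE idCustomer=?",
        (first_name, last_name, id_customer),
    )
    con.commit()


def first_names(con) -> dict:
    """Map idCustomer -> firstName for every row, in id order."""
    return dict(
        con.execute("SELECT idCustomer, firstName FROM customers ORDER BY idCustomer")
    )


def try_vulnerable(first_name):
    """Run the concatenating update on a fresh table.

    Returns ("error", message) if the statement fails to parse, otherwise
    ("ok", {idCustomer: firstName}) so the effect on all rows is visible.
    """
    con = fresh_db()
    try:
        update_customer_vulnerable(con, 115, first_name, "Smith")
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))
    return ("ok", first_names(con))


def try_safe(first_name):
    """Run the parameterized update on a fresh table and return ("ok", names)."""
    con = fresh_db()
    update_customer_safe(con, 115, first_name, "Smith")
    return ("ok", first_names(con))


if __name__ == "__main__":
    # The probe from the thread: a trailing apostrophe breaks the statement.
    print(try_vulnerable("Paul'"))
    # Beyond the thread: the injected WHERE clause and "--" comment drop the
    # real WHERE idCustomer=115, so every customer's firstName is rewritten.
    print(try_vulnerable("Mallory' WHERE 1=1 --"))
    # The same payload through bound parameters is stored literally, row 115 only.
    print(try_safe("Mallory' WHERE 1=1 --"))
```

The `--` line comment is SQLite syntax; the Jet engine's exact comment handling differs, and a real attacker would tailor the tail of the payload to the Access dialect. The defect is the same in both: the input decides where the SQL ends.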

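A check for the exposed database file described in Tri Huynh's advisory, added here as an example and not part of the thread or of ProductCart. It requests only the first bytes of /productcart/database/EIPC.mdb and decides by file signature rather than status code, because a server answering missing files with a 200 and a custom HTML page would otherwise look like a hit. The Jet and ACE signatures at byte offset 4 are a documented property of Access files; the hostname, timeout and byte count are assumptions.

```python
import urllib.error
import urllib.request

# Jet 3.x/4.x .mdb files carry the ASCII signature "Standard Jet DB" at byte
# offset 4; Access 2007+ .accdb files carry "Standard ACE DB" there.
ACCESS_SIGNATURES = (b"Standard Jet DB", b"Standard ACE DB")
DEFAULT_DB_PATH = "/productcart/database/EIPC.mdb"  # path from the advisory


def is_access_db(head: bytes) -> bool:
    """True if the leading bytes of a body look like a Jet/ACE database file."""
    return head[4:19] in ACCESS_SIGNATURES


def classify(status: int, content_type: str, head: bytes) -> str:
    """Interpret a response to the .mdb URL.

    A 200 with an HTML body is a custom error page, not a download, so only
    the file signature counts as evidence of exposure.
    """
    if is_access_db(head):
        return "exposed"
    if status in (200, 206):
        return "not a database (status %d, %s)" % (
            status, content_type or "no content-type")
    return "not retrievable (status %d)" % status


def fetch_head(url: str, nbytes: int = 32, timeout: float = 10.0):
    """Fetch the first nbytes of url with a Range request.

    Returns (status, content_type, body); servers that ignore Range send the
    whole file, so the body is truncated to nbytes either way.
    """
    req = urllib.request.Request(
        url,
        headers={"Range": "bytes=0-%d" % (nbytes - 1), "User-Agent": "mdb-check"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read(nbytes)
    except urllib.error.HTTPError as exc:
        return exc.code, exc.headers.get("Content-Type", ""), b""


def check_site(base_url: str, db_path: str = DEFAULT_DB_PATH) -> str:
    """Probe one site for the default ProductCart database location."""
    status, ctype, head = fetch_head(base_url.rstrip("/") + db_path)
    return classify(status, ctype, head)


if __name__ == "__main__":
    import sys
    # Usage: python mdb_check.py http://victimhost   (hostname is a placeholder)
    if len(sys.argv) > 1:
        print(check_site(sys.argv[1]))
    else:
        print("usage: mdb_check.py <base-url>")
```

If the result is "exposed", the advisory's workaround applies: move the file outside the web root (or at least rename it and deny web access to the directory), and treat the admin password and any stored card data as compromised.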