Message-ID: <20030706110656.X7072-100000@vapid.ath.cx>
From: lwc at vapid.ath.cx (Larry W. Cashdollar)
Subject: [Vulnerability] : ProductCart database file can be downloaded remotely
949 is a legit zip code in cali.
On Sat, 5 Jul 2003, KF wrote:
> Was that legit California data? I am sure that making someone have a
> nice weekend you just made multiple someones have a shitty month ahead
> of them...
> http://www.theregister.co.uk/content/55/31509.html
>
> -KF
>
> gyrniff wrote:
>
> >URL:
> >http://www.earlyimpact.com/productcart/build_to_order/productcart/pcadmin/Orddetails.asp?id=239
> >Change the name Paul to Paul'
> >
> >Microsoft OLE DB Provider for ODBC Drivers
> > error '80040e14'
> >[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in
> >query expression ''Paul'',lastName='Smith',customerCompany='Early Impact',
> >address='3226 Colorado Ave', city='Santa Monica', zip='90004',
> >stateCode='CA', CountryCode='US', phone='949 452 0062' WHERE idCustomer=115'.
> >/productcart/build_to_order/productcart/pcadmin/processOrder.asp, line 36
> >
> >have a nice weekend ;-)
> >
> >On Saturday 05 July 2003 22:07, Tri Huynh wrote:
> >
> >
> >>ProductCart database file can be downloaded remotely
> >>=================================================
> >>
> >>PROGRAM: ProductCart
> >>HOMEPAGE: http://www.earlyimpact.com/productcart/
> >>VULNERABLE VERSIONS: 1.0 to 2.0
> >>RISK: High
> >>
> >>
> >>DESCRIPTION
> >>=================================================
> >>
> >>ProductCart® is an ASP shopping cart that combines sophisticated
> >>ecommerce features with time-saving store management tools and remarkable
> >>ease of use. It is widely used by many e-commerce sites.
> >>
> >>DETAILS
> >>=================================================
> >>
> >>In the default installation, the ProductCart database file is located at
> >>/productcart/database/EIPC.mdb, which can be accessed easily
> >>by any remote attacker.
> >>
> >>Sample: http://victimhost/productcart/database/EIPC.mdb
> >>
> >>The database file includes the store administration password as well as
> >>customer's info (including credit card info).
> >>
> >>
> >> WORKAROUND
> >>=================================================
> >>
> >>Rename the database file, put it in a protected directory.
> >>
> >>
> >>CREDITS
> >>=================================================
> >>
> >>Discovered by Tri Huynh from Sentry Union
> >>
> >>
> >>DISCLAIMER
> >>=================================================
> >>
> >>The information within this paper may change without notice. Use of
> >>this information constitutes acceptance for use in an AS IS condition.
> >>There are NO warranties with regard to this information. In no event
> >>shall the author be liable for any damages whatsoever arising out of
> >>or in connection with the use or spread of this information. Any use
> >>of this information is at the user's own risk.
> >>
> >>
> >>FEEDBACK
> >>=================================================
> >>
> >>Please send suggestions, updates, and comments to: trihuynh@...up.com
> >>
> >>
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
> >
>
>
>
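The ODBC error gyrniff quotes above is the signature of an UPDATE statement built by string concatenation: the stray quote in `Paul'` ends up inside the SQL text and the driver rejects the malformed statement. The following is an added illustration, not code from the thread or from ProductCart; it uses Python's sqlite3 module as a stand-in for the Access/ODBC backend, with a constructed `customers` table whose column names mirror those in the quoted error. `update_unsafe` reproduces the concatenation pattern, `update_safe` is the parameterized form the fix would use, and `demo` returns what each does with the same input.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """In-memory stand-in for the customer table; constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers ("
        "idCustomer INTEGER PRIMARY KEY, firstName TEXT, "
        "lastName TEXT, customerCompany TEXT)"
    )
    conn.execute(
        "INSERT INTO customers VALUES (?, ?, ?, ?)",
        (115, "Paul", "Smith", "Early Impact"),
    )
    conn.commit()
    return conn


def update_unsafe(conn: sqlite3.Connection, id_customer: int,
                  first_name: str, last_name: str) -> None:
    # Vulnerable pattern: request values pasted straight into the SQL text.
    # A single quote in first_name terminates the literal early, which is
    # exactly what the quoted "Syntax error (missing operator)" shows.
    sql = (
        "UPDATE customers SET firstName='" + first_name
        + "',lastName='" + last_name
        + "' WHERE idCustomer=" + str(id_customer)
    )
    conn.execute(sql)
    conn.commit()


def update_safe(conn: sqlite3.Connection, id_customer: int,
                first_name: str, last_name: str) -> None:
    # Hardened pattern: bound parameters, so the quote is stored as data
    # and can never change the shape of the statement.
    conn.execute(
        "UPDATE customers SET firstName=?, lastName=? WHERE idCustomer=?",
        (first_name, last_name, id_customer),
    )
    conn.commit()


def first_name_of(conn: sqlite3.Connection, id_customer: int):
    row = conn.execute(
        "SELECT firstName FROM customers WHERE idCustomer=?", (id_customer,)
    ).fetchone()
    return row[0] if row else None


def demo(first_name: str = "Paul'"):
    """Return (error raised by the unsafe path or None, value stored by the safe path)."""
    conn = setup_db()
    unsafe_error = None
    try:
        update_unsafe(conn, 115, first_name, "Smith")
    except sqlite3.OperationalError as exc:
        # sqlite's analogue of the ODBC syntax error in the quoted message
        unsafe_error = type(exc).__name__
    update_safe(conn, 115, first_name, "Smith")
    return unsafe_error, first_name_of(conn, 115)


if __name__ == "__main__":
    print(demo())        # ('OperationalError', "Paul'")
    print(demo("Paul"))  # (None, 'Paul')
```

The visible symptom on the page is a syntax error, which is why the reply calls it a "nice weekend" find: the same concatenation that breaks on a stray quote also accepts any other SQL the client chooses to send. Parameter binding is the fix in classic ASP/ADO too (a `Command` object with `Parameters`), and it is the only one that holds up regardless of what the input contains.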
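Tri Huynh's advisory describes a database file sitting under the web root, and the workaround is to move it to a directory the web server does not serve. Two checks a site operator would want for that finding, added here as an example that is not part of the advisory or of ProductCart: `is_web_exposed` answers whether a given file path lies under the document root, and `mdb_requests` walks an IIS W3C log and lists every request for a `.mdb` file so downloads that already happened can be found. The log excerpt and the paths are constructed sample data, not values from the thread.

```python
from pathlib import PurePosixPath

# Constructed IIS W3C log excerpt (sample data, not from the advisory).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-07-05 22:07:11 203.0.113.5 GET /productcart/database/EIPC.mdb - 200
2003-07-05 22:07:12 203.0.113.5 GET /productcart/pc/viewPrd.asp idproduct=12 200
2003-07-05 22:09:40 198.51.100.7 GET /productcart/Database/eipc.MDB - 404
"""


def is_web_exposed(webroot: str, db_path: str) -> bool:
    """True if db_path lies beneath webroot, i.e. a plain GET can fetch it.

    Pure path containment: it does not see per-directory permissions, so a
    file under the root but in a directory the server refuses to serve still
    reports True (which is the conservative answer for an audit).
    """
    root = PurePosixPath(webroot)
    target = PurePosixPath(db_path)
    try:
        target.relative_to(root)
        return True
    except ValueError:
        return False


def parse_w3c(lines):
    """Yield one dict per record, using the #Fields: header for column names."""
    fields = None
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if fields and len(values) == len(fields):
            yield dict(zip(fields, values))


def mdb_requests(log_text: str):
    """Return (client_ip, uri_stem, status) for every request of a .mdb file.

    The suffix test is case-insensitive because IIS paths are.
    """
    hits = []
    for rec in parse_w3c(log_text.splitlines()):
        stem = rec.get("cs-uri-stem", "")
        if stem.lower().endswith(".mdb"):
            hits.append((rec["c-ip"], stem, rec["sc-status"]))
    return hits


if __name__ == "__main__":
    # Hypothetical deployment paths for illustration.
    print(is_web_exposed("/inetpub/wwwroot",
                         "/inetpub/wwwroot/productcart/database/EIPC.mdb"))  # True
    print(is_web_exposed("/inetpub/wwwroot", "/inetpub/data/EIPC.mdb"))     # False
    for ip, uri, status in mdb_requests(SAMPLE_LOG):
        print(ip, uri, status)
```

A 200 on the `.mdb` line is the record that the file left the server, and since the advisory notes the file holds the admin password and customer data, that is the line that decides whether credentials need rotating and customers need notifying. Renaming the file, as the workaround suggests, only helps until the new name is guessed or leaked; moving it outside the served tree is the part that matters.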