lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 09 Oct 2006 21:22:41 -0400 From: Mayhemic Labs Security <security@...hemiclabs.com> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MHL-2006-001 - Public Advisory +-----------------------------------------------------------+ | Eazy Cart Multiple Security Issues | +-----------------------------------------------------------+ PUBLISHED ON October 9th, 2006 PUBLISHED AT http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001 PUBLISHED BY Mayhemic Labs http://www.mayhemiclabs.com security AT mayhemiclabs DOT com GPG key: 0x56143F84 APPLICATION Eazy Cart http://www.eazycart.com/ "Eazy Cart the easy to install shopping cart system" AFFECTED VERSIONS All Verison ISSUES Eazy Cart is vulnerable to authenication bypassing, data injection, and XSS attacks 1) Authenication bypass Eazy Cart does not check login credentials past the initial login screen of the administration menu. Example: An attacker can access all administrative functions without authentication by going to /admin/home/index.php. 2) Data Injection Eazy Cart trusts user entered data implicitly, allowing an attacker to adjust prices and other values when ordering. Example: A user can craft a malicious URL to submit incorrect data to easycart.php telling it to add items to its cart for incorrect prices, including negative values. 3) XSS Eazy Cart trusts user entered data implicitly, not sanatizing it for malicious code. Example: A user can craft a malicious URL to submit incorrect data to easycart.php feeding it malicious javascript WORKAROUNDS None at this time SOLUTIONS None at this time REFERENCES None TIMELINE October 3rd, 2006 Vendor/Developer Notified October 8th, 2006 Vendor/Developer notification returned. October 9th, 2006 Public Release ADDITIONAL CREDIT N/A LICENSE Creative Commons Attribution-ShareAlike License http://creativecommons.org/licenses/by-sa/2.5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFKvXhzjnMaVYUP4QRAh6bAKC6C4ZG/KkYsijeVnC2AuiwvG1O1wCeNePN aVJsxgezSujUz7MNkJQavJ8= =Is2h -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists