lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 09 Oct 2006 21:22:41 -0400
From: Mayhemic Labs Security <security@...hemiclabs.com>
To: full-disclosure@...ts.grok.org.uk,  bugtraq@...urityfocus.com
Subject: MHL-2006-001 Public Advisory: "Eazy Cart"
	Multiple Security Issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MHL-2006-001 - Public Advisory

+-----------------------------------------------------------+
|            Eazy Cart Multiple Security Issues             |
+-----------------------------------------------------------+


PUBLISHED ON
  October 9th, 2006


PUBLISHED AT
  http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt
  http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001


PUBLISHED BY
  Mayhemic Labs
  http://www.mayhemiclabs.com

  security AT mayhemiclabs DOT com
  GPG key: 0x56143F84


APPLICATION
  Eazy Cart
  http://www.eazycart.com/
  "Eazy Cart the easy to install shopping cart system"


AFFECTED VERSIONS
  All Verison


ISSUES
  Eazy Cart is vulnerable to authenication bypassing,
  data injection, and XSS attacks

	1) Authenication bypass
	Eazy Cart does not check login credentials past the
	initial login screen of the administration menu.
	
	Example:
	An attacker can access all administrative functions
	without authentication by going to /admin/home/index.php.
	
	2) Data Injection
	Eazy Cart trusts user entered data implicitly, allowing
	an attacker to adjust prices and other values when
	ordering.
	
	Example: A user can craft a malicious URL to submit
	incorrect data to easycart.php telling it to add items
	to its cart for incorrect prices, including negative
	values.
	
	3) XSS
	Eazy Cart trusts user entered data implicitly, not
	sanatizing it for malicious code.
	
	Example: A user can craft a malicious URL to submit
	incorrect data to easycart.php feeding it malicious
	javascript
	
WORKAROUNDS
	None at this time

SOLUTIONS
	None at this time

REFERENCES
	None
	
TIMELINE
	October 3rd, 2006
		Vendor/Developer Notified
	October 8th, 2006
		Vendor/Developer notification returned.
	October 9th, 2006
		Public Release		

ADDITIONAL CREDIT
  N/A

LICENSE
  Creative Commons Attribution-ShareAlike License
  http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFKvXhzjnMaVYUP4QRAh6bAKC6C4ZG/KkYsijeVnC2AuiwvG1O1wCeNePN
aVJsxgezSujUz7MNkJQavJ8=
=Is2h
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists