Bugtraq mailing list archives
Re: Back Door in Commercial Shopping Cart
From: anik () IFDO PUGMARKS COM (Anik)
Date: Thu, 13 Apr 2000 18:13:54 -0400
It's been a while since I have looked at the dansie shopping script (almost a year now). As I remember it, the program also required you (or at least strongly encouraged) making the script world writeable. As I no longer have access to the script, I can't double check. This reinforces the copy protection theory, but also allows a potential attacker to do other interesting things to the script with much ease.

Anik

On Tue, Apr 11, 2000 at 05:24:06PM -0700, Joe wrote:
Trojanized Commercial Shopping Cart
===============================================================

Dansie Shopping Cart
Version  : 3.04 (presumably earlier versions as well)
Author   : Craig Dansie
URL      : http://www.dansie.net/
Language : Perl (both NT and Unix platforms are vulnerable)
License  : Commercial, starting at $150.00
Copyright Dec 10, 1997-2000, Dansie Website Design

Synopsis : This program -deliberately- allows arbitrary commands to be executed on the victim server.
[snip]
--
Joe
Technical Support
General Support: support () blarg net
Blarg! Online Services, Inc.
Voice: 425/401-9821 or 888/66-BLARG
http://www.blarg.net
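
A defender-side check for the condition described in the message above, added here as an example (it is not part of the original post or of the Dansie code): it walks a CGI directory and reports scripts that are world-writable, or that sit in a world-writable directory where they could be replaced. The `.pl`/`.cgi` extension list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

SCRIPT_EXTS = (".pl", ".cgi")  # assumption: extensions treated as CGI scripts


def audit_cgi_dir(root):
    """Return sorted (path, reason) findings for scripts under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dir_mode = os.lstat(dirpath).st_mode
        # A world-writable directory without the sticky bit lets any local
        # user replace a script even when the script itself is read-only.
        dir_open = bool(dir_mode & stat.S_IWOTH) and not dir_mode & stat.S_ISVTX
        for name in files:
            if not name.lower().endswith(SCRIPT_EXTS):
                continue
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue  # skip symlinks, devices, sockets
            if mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
            elif dir_open:
                findings.append((path, "parent-dir-world-writable"))
    return sorted(findings)


def demo():
    """Build a constructed cgi-bin tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        upload = os.path.join(root, "upload")
        os.mkdir(upload)
        # Constructed sample files: relative path -> permission bits.
        sample = {"cart.pl": 0o777, "search.cgi": 0o755, "notes.txt": 0o666,
                  os.path.join("upload", "form.pl"): 0o755}
        for rel, mode in sample.items():
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("#!/usr/bin/perl\n")
            os.chmod(path, mode)  # chmod is not affected by the umask
        os.chmod(upload, 0o777)   # world-writable, no sticky bit
        return [(os.path.relpath(p, root), why) for p, why in audit_cgi_dir(root)]


if __name__ == "__main__":
    for path, why in demo():
        print(f"{why:28} {path}")
```
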