Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Back Door in Commercial Shopping Cart

From: anik () IFDO PUGMARKS COM (Anik)
Date: Thu, 13 Apr 2000 18:13:54 -0400

t's been a while since I have looked at the dansie shopping script (almost a
year now). As I remember it, the program also required you (or at least
strongly encouraged) making the script world writeable. As I no longer have
access to the script, I can't double check.
This reinforces the copy protection theory, but also allows a potential
attacker to do other interesting things to the script with much ease.
Anik

On Tue, Apr 11, 2000 at 05:24:06PM -0700, Joe wrote:

Trojanized Commercial Shopping Cart
===============================================================

Dansie Shopping Cart

Version  : 3.04 (presumably earlier versions as well)
Author   : Craig Dansie
URL      : http://www.dansie.net/
Language : Perl (both NT and Unix platforms are vulnerable)
License  : Commercial, starting at $150.00
           Copyright Dec 10, 1997-2000, Dansie Website Design


Synopsis : This program -deliberately- allows arbitrary commands to be
           executed on the victim server.


[snip]


--
Joe                                     Technical Support
General Support:  support () blarg net     Blarg! Online Services, Inc.
Voice:  425/401-9821 or 888/66-BLARG    http://www.blarg.net
Previous By Date Next
Previous By Thread Next

Current thread: