Bugtraq mailing list archives
Re: more problems with that POS dansie cart software!
From: randy.janinda () NDCORP COM (Randy Janinda)
Date: Fri, 14 Apr 2000 12:41:33 -0400
On Fri, Apr 14, 2000 at 11:09:47AM -0400, tombow decided:
if installing a backdoor in the cart software wasn't bad enough.. the whole implimentation of pricing and adding items to cart is crap.. example form to add items to your cart (kindly provided on the publishers site using the demo cart they set up for us): *snip* I am aware this was posted a few months ago but I don't recall anyone posting in relation to this particular software package.. tom
I too have looked at the software and would like to add my findings: There are numerous variables you can add to the URL to retrieve interesting information: (http://www.domain.com/cgi-bin/cart.pl?xxx) where xxx = vars - will give you the setup variables for the software, an interesting thing to note is about 3/4 down the page is a login ID and security (password) for CC transactions? env - lists environment variables and my personal favorite db - Let me explain this one a bit this works differently on the numberous versions. So do a 'vars' and look for a string called "query_separator" (usually a | or =). Then do this site.com/path-to/cart.pl?db|filename|All%20Items (i.e http://www.target.com/cgi-bin/cart.pl?db|cart.pl|All%20Items) This will open the file for reading.. I haven't got it to successfully open things in "recursive" paths (i.e ../../../etc/passwd), but it does seem to indicate if a certain file exists of not. Also of note: the All%20Items part can be substituted by your favorite HTML tags, to create a custom viewing experience ;) Have fun. -- Randy Janinda
Current thread:
- Microsoft Security Bulletin (MS00-024), (continued)
- Microsoft Security Bulletin (MS00-024) Microsoft Product Security (Apr 12)
- Re: Back Door in Commercial Shopping Cart Luciano Ramos (Apr 13)
- [TL-Security-Announce] PAM and usermode TLSA2000009-1 Katie Moussouris (Apr 14)
- Re: Back Door in Commercial Shopping Cart Luciano Ramos (Apr 14)
- Re: Back Door in Commercial Shopping Cart [Stormer Hosting] Dan Kaminsky (Apr 14)
- New DOS on Interscan NT/3.32 Alain Thivillon (Apr 17)
- Re: Back Door in Commercial Shopping Cart [RESOLVED] Dan Kaminsky (Apr 17)
- Re: Back Door in Commercial Shopping Cart Pete Holsberg (Apr 13)
- Re: Back Door in Commercial Shopping Cart Anik (Apr 13)
- more problems with that POS dansie cart software! tombow (Apr 14)
- Re: more problems with that POS dansie cart software! Randy Janinda (Apr 14)
- nmh-1.0.4 released Dan Harkless (Apr 14)
- xfs Michal Zalewski (Apr 16)
- StarOffice 5.1 Michal Zalewski (Apr 16)
- XFree86 server overflow Michal Zalewski (Apr 16)
- XFree86 server overflow - exploit issues Michal Zalewski (Apr 16)
- Reappearance of an old IE security bug Ben Mesander (Apr 16)
- Re: Reappearance of an old IE security bug Vladimir Dubrovin (Apr 17)
- Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve Casper Dik (Apr 17)
- Re: XFree86 server overflow Olaf Kirch (Apr 17)
- Re: XFree86 server overflow Valentin Pavlov (Apr 17)