Bugtraq mailing list archives

Re: Shopping Carts exposing CC data

From: marascio () ECE UTEXAS EDU (Louis R. Marascio)
Date: Tue, 20 Apr 1999 20:18:26 -0500

Mercantec's SoftCart http://www.mercantec.com/
    Platform: Win32 (*Nix?)
    ...
    Number of exposed installs: 1
    PGP Option Available?: Unknown
    NOTES:

    This one has only been found vulnerable on ONE server. (user error?)

The

    encryption scheme on the storemgr.pw password is unrecognized by me

but

    I'm not an encryption guru.  Someone's bound to recognize it.


Make that two, I found it located on what appears to be a decently sized
regional hardware/computer sales site.

Louis

--
Louis R. Marascio
 marascio () ece utexas edu
 http://www.ece.utexas.edu/~marascio

Current thread:

Re: Bash Bug, (continued)
- - - Re: Bash Bug Chet Ramey (Apr 22)
    - L0pht Security Advisory: Cold Fusion App Server Weld Pond (Apr 21)
    - Re: Plain text passwords--necessary Densin Roy. (Apr 19)
    - Re: Plain text passwords--necessary Daniel Alex Finkelstein (Apr 19)
    - AOL Instant Messenger URL Crash Adam Brown (Apr 19)
    - Re: AOL Instant Messenger URL Crash Daniel Reed (Apr 20)
    - Shopping Carts exposing CC data Joe (Apr 19)
    - Re: Shopping Carts exposing CC data Joe (Apr 20)
    - Outlook 98 allows spoofing internal users Nate Lawson (Apr 20)
    - Re: Outlook 98 allows spoofing internal users Peter van Dijk (Apr 25)
    - Re: Shopping Carts exposing CC data Louis R. Marascio (Apr 20)
    - eBay password stealing with JavaScript Michael K. Sanders (Apr 20)
    - Re: eBay password stealing with JavaScript Paul Festa (Apr 21)
    - Bug in Linux Mount Jacek Konieczny (Apr 20)
    - Re: Bug in Linux Mount Meelis Roos (Apr 20)
- Re: Plain text passwords--necessary Steven M. Bellovin (Apr 19)
- Re: Plain text passwords--necessary Chris (Apr 19)
  - Re: Plain text passwords--necessary Tom Perrine (Apr 20)