Bugtraq mailing list archives
WebShop advisory.
From: hhp () NS SUSPEND NET (Elaich Of Hhp)
Date: Thu, 22 Apr 1999 13:09:32 -0400
(hhp) WebShop advisory. (hhp)
---------------------------------------------------------------------

Alright, to my knowledge, there is another dangerous shop service if installed the right way. I contacted the vendor and notified the admin of the problem. I have the feeling this isn't all though. I'm almost positive there are more dangerous shopping services out there that will be found very soon after all these posts get noticed. So for now I will look around, please don't flood my email and I'll repost if I find anything else.

Please remember this does not mean there is a flaw in the service unless by default this is left readable on a clean installation with no configuration files to modify the permissions. Also PGP options would eliminate most of the problems. Also please note I did not install this software, the info I have gathered was on the website and the vulnerable site was found by a search engine.

Info: WebShop via http://www.inetlab.com/products.html
Platforms:
  Windows 95/98/NT on Intel
  Linux on Intel or Sparc
  Solaris on Intel or Sparc
  FreeBSD 2.2 or smaller on Intel
  FreeBSD 3.0 on Intel
  BSDI/OS on Intel............... (Found vuln server.)
  Silicon Graphics Irix on MIPS.. (Found vuln server.)
Executable: WebShop.cgi
Exposed Directory: WebShop or webshop
Exposed Order info: WebShop/templates/cc.txt and/or WebShop/logs/cc.txt and ck.log
Status: Free?, resale=$50?.
Number of exposed installs found: 2+
PGP Option available?: Unknown.

elaich - 4:16:15CST 4/22/1999

--------------------------------------------
elaich of the hhp.
Email: hhp () hhp hemp net / pigspigs () yahoo com
Voice: 1800-Rag-on-gH pin: The-hhp-crew
Web: http://hhp.hemp.net
--------------------------------------------