Bugtraq mailing list archives

Re: Shopping Carts exposing CC data

From: joe () GONZO BLARG NET (Joe)
Date: Fri, 23 Apr 1999 17:15:00 -0700


On Fri, 23 Apr 1999, Bo Elkjaer wrote:

This is my first post to Bugtraq so please bear with me for any errs and/or
misconducts.

I'd just like to point out, that Webcart is vulnerable too.

Here goes:


Mountain Network Systems Inc. http://www.mountain-net.com
Platform: ?
Exposed Directories: /config, /orders (and others. They're all listed in
config-file)
Exposed Order Info: orders.txt
Exposed Config Info: mountain.cfg
Number of exposed installs: 18+ at a quick glance. Probably more.
PGP Option Available?: Unknown
Status: Commercial, ranging from $399 to $4650.


Bo Elkjaer, Denmark


Confirmed it, sent a heads-up to mountain-net.  Worse, look for
"import.txt" and "checks.txt"  Import.txt includes every order ever made
on the site in a tab-delimited format.

*sigh*

--
Joe H.                                  Technical Support
General Support:  support () blarg net     Blarg! Online Services, Inc.
Voice:  425/401-9821 or 888/66-BLARG    http://www.blarg.net

Current thread:

Re: Shopping Carts exposing CC data Bo Elkjaer (Apr 23)
- javascript hotmail password trap David L. Nicol (Apr 23)
- Re: Shopping Carts exposing CC data Joe (Apr 23)
- Discus advisory. Elaich Of Hhp (Apr 23)
  - Re: Discus advisory. Ian R. Justman (Apr 28)
    - Re: Discus advisory. Elaich Of Hhp (Apr 29)
  - X-based sniffer-netxmon Zhang Qianli (Apr 29)
    - Re: X-based sniffer-netxmon route () RESENTMENT INFONEXUS COM (Apr 29)
    - Re: X-based sniffer-netxmon Zhang Qianli (Apr 29)
    - Buffer overflow in ftpd and locate bug Sergey V. Kolychev (Apr 30)
    - Re: X-based sniffer-netxmon Corey Lindsly (Apr 29)
- <Possible follow-ups>
- Re: Shopping Carts exposing CC data hevnsnt (Apr 23)
- Re: Shopping Carts exposing CC data Bo Elkjaer (Apr 25)

(Thread continues...)