Bugtraq mailing list archives
Re: Shopping Carts exposing CC data
From: joe () GONZO BLARG NET (Joe)
Date: Fri, 23 Apr 1999 17:15:00 -0700
On Fri, 23 Apr 1999, Bo Elkjaer wrote:

> This is my first post to Bugtraq so please bear with me for any errs
> and/or misconducts. I'd just like to point out, that Webcart is
> vulnerable too. Here goes:
>
> Mountain Network Systems Inc.
> http://www.mountain-net.com
> Platform: ?
> Exposed Directories: /config, /orders (and others. They're all listed in config-file)
> Exposed Order Info: orders.txt
> Exposed Config Info: mountain.cfg
> Number of exposed installs: 18+ at a quick glance. Probably more.
> PGP Option Available?: Unknown
> Status: Commercial, ranging from $399 to $4650.
>
> Bo Elkjaer, Denmark

Confirmed it, sent a heads-up to mountain-net.

Worse, look for "import.txt" and "checks.txt". Import.txt includes every order ever made on the site in a tab-delimited format.

*sigh*

--
Joe H.
Technical Support
General Support: support () blarg net
Blarg! Online Services, Inc.
Voice: 425/401-9821 or 888/66-BLARG
http://www.blarg.net
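
For operators checking their own installs, the following is an added example (not part of the original posts and not Webcart code): it walks a local web document root and flags the file and directory names mentioned in this thread, noting which are also world-readable. The docroot layout, the function names and the sample tree are assumptions constructed for the demonstration.

```python
import os
import stat
import tempfile

# File and directory names taken from the thread; extend for your own cart.
SENSITIVE_NAMES = {"orders.txt", "import.txt", "checks.txt", "mountain.cfg"}
SENSITIVE_DIRS = {"config", "orders"}

def audit_docroot(docroot):
    """Return sorted (relative_path, reasons) for cart data files under docroot."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(docroot):
        rel_dir = os.path.relpath(dirpath, docroot)
        parts = set() if rel_dir == "." else set(rel_dir.lower().split(os.sep))
        for name in filenames:
            reasons = []
            if name.lower() in SENSITIVE_NAMES:
                reasons.append("order/config file name")
            if parts & SENSITIVE_DIRS:
                reasons.append("inside data directory")
            if not reasons:
                continue
            full = os.path.join(dirpath, name)
            # Mode bits only: the web server may still read it via owner/group.
            if os.stat(full).st_mode & stat.S_IROTH:
                reasons.append("world-readable")
            rel = os.path.normpath(os.path.join(rel_dir, name))
            findings.append((rel.replace(os.sep, "/"), ", ".join(reasons)))
    return sorted(findings)

def demo():
    """Build a constructed docroot in a temp dir and audit it."""
    sample = {  # constructed sample tree: path -> permission bits
        "index.html": 0o644,
        "cgi-bin/cart.cgi": 0o755,
        "config/mountain.cfg": 0o644,
        "orders/orders.txt": 0o644,
        "orders/import.txt": 0o600,
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        return audit_docroot(root)

if __name__ == "__main__":
    for path, why in demo():
        print(f"{path}: {why}")
```

Any hit means the file sits where the web server can hand it out by URL; the fix is to move the data directories outside the document root or deny them in the server configuration, not just to tighten the mode bits.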