Re: Shopping Carts exposing CC data

[hevnsnt () BIGFOOT COM (hevnsnt)]

Sorry If already known, 1st post..

Even worse than this, check the Admin directory.. ugh.   Seems as though you
can configure the system without any type of password or authentication.
*sigh* x2

-hevn

----- Original Message -----
From: Joe <joe () GONZO BLARG NET>
To: <BUGTRAQ () netspace org>
Sent: Friday, April 23, 1999 7:15 PM
Subject: Re: Shopping Carts exposing CC data


> On Fri, 23 Apr 1999, Bo Elkjaer wrote:
>
> > This is my first post to Bugtraq so please bear with me for any errs
and/or
> > misconducts.
> >
> > I'd just like to point out, that Webcart is vulnerable too.
> >
> > Here goes:
> >
> >
> > Mountain Network Systems Inc. http://www.mountain-net.com
> > Platform: ?
> > Exposed Directories: /config, /orders (and others. They're all listed in
> > config-file)
> > Exposed Order Info: orders.txt
> > Exposed Config Info: mountain.cfg
> > Number of exposed installs: 18+ at a quick glance. Probably more.
> > PGP Option Available?: Unknown
> > Status: Commercial, ranging from $399 to $4650.
> >
> >
> > Bo Elkjaer, Denmark
>
> Confirmed it, sent a heads-up to mountain-net.  Worse, look for
> "import.txt" and "checks.txt"  Import.txt includes every order ever made
> on the site in a tab-delimited format.
>
> *sigh*
>
> --
> Joe H.                                  Technical Support
> General Support:  support () blarg net     Blarg! Online Services, Inc.
> Voice:  425/401-9821 or 888/66-BLARG    http://www.blarg.net