Re: FW: Shopping Carts exposing CC data (fwd from Mountain-Net

[wdevine () BLUEGATE COM (William Devine II)]

Mountain Network Systems (www.mountain-net.com) makers of the
WebCart system is a customer of ours.  I received email from him after
forwarding a copy of the messages on the bugtraq re: webcart.
This is a reply I received from him.

william

Forwarded message:
> From support () mountain-net com  Sat Apr 24 07:12:51 1999
> Date: Sat, 24 Apr 1999 07:11:41 -0500
> To: "William Devine, II" <william () crescentcon com>
> X-UIDL: 924983340.009
> From: support () mountain-net com
> Subject: Re: FW: Shopping Carts exposing CC data
>
> Hi William,
>
> Can you tell me where the signup is or just post this message.
>
> Good Day,
>
> We noticed your comment regarding one of our systems. Please be informed
> that we clearly state in the manuals how to secure your website when using
> the WebCart(r) system. If the website owner elects not to take these steps
> information will be exposed. This is not a reflection of the software but
> the level of protection the website/store owner wants to give their clients.
>
> In terms of professional conduct, if you find issues such as these you
> should contact the store owner and inform them of this. Not post their
> website to everyone in a mailist. You should also make sure you have all
> related information prior to making such a bold statement. You have clearly
> not read or had access to the manuals which describe in detail the steps to
> take to
> avoid this issue.
>
> Best Regards,
> Dan
>
> At 17:07 4/23/99 -0500, you wrote:
> > -----Original Message-----
> > From: Bugtraq List [mailto:BUGTRAQ () netspace org] On Behalf Of Bo Elkjaer
> > Sent: Friday, April 23, 1999 4:15 PM
> > To: BUGTRAQ () netspace org
> > Subject: Re: Shopping Carts exposing CC data
> >
> >
> > This is my first post to Bugtraq so please bear with me for any errs and/or
> > misconducts.
> >
> > I'd just like to point out, that Webcart is vulnerable too.
> >
> > Here goes:
> >
> >
> > Mountain Network Systems Inc. http://www.mountain-net.com
> > Platform: ?
> > Exposed Directories: /config, /orders (and others. They're all listed in
> > config-file)
> > Exposed Order Info: orders.txt
> > Exposed Config Info: mountain.cfg
> > Number of exposed installs: 18+ at a quick glance. Probably more.
> > PGP Option Available?: Unknown
> > Status: Commercial, ranging from $399 to $4650.
> >
> >
> > Bo Elkjaer, Denmark
>
> ------------------------------------------------------
> Mountain Network Systems, Inc.     (281) 373-1196
> P.O. Box 1362                      Cypress, TX 77429          
> "Your Internet Programming Source"
>
> http://www.mountain-net.com           
> http://www.inet-domains.net
> http://www.webstores.net
>
>              ------------------------------
> Sales:       sales () mountain-net com
> Support:     support () mountain-net com
>              ------------------------------
>
> Specialist in Advanced Internet Systems . . . making your
> website work for you all day everyday.
>
> Economist estimate a $200 billion online market by the
> year 2000.  Now is the time to transform your website
> into a profit center!
> ------------------------------------------------------