Bugtraq mailing list archives
Team Asylum: iHTML Merchant Vulnerabilities
From: security () TEAM-ASYLUM COM (Team Asylum)
Date: Tue, 28 Sep 1999 21:06:20 -0400
Team Asylum Security Copyright (c) 1999 By CyberSpace 2000 http://www.team-asylum.com Source: Dave M. (davem () cyberspace2000 com) Advisory Date: 09/16/1999 Affected -------- All known released versions of the iHTML Merchant for Unix/Windows 95/98/NT. Product Description ------------------- iHTML Merchant, written by Inline Internet Systems Inc., is an e-commerce solution programmed in iHTML which allows complicated web programming tasks to be done by anyone with basic knowledge of HTML and their web server of choice. Over 2,700 online merchants run iHTML Merchant. In turn, they can run dozens more stores off that single product. For more details about this product visit, http://www.ihtmlmerchant.com or see Inline's site at: http://www.inline.net. Vulnerability Summary --------------------- Team Asylum has discovered a vulnerability that exists in iHTML Merchant which would allow a malicious hacker to (at the very least) view the protected files in the website's administrative section, giving the attacker the ability to view credit card information. If the iHTML Merchant is being run on Windows 95/98/NT the vulnerability is much more severe. The vulnerability exists in how iHTML Merchant parses code. The attacker could: 1) Delete any file on the server 2) Write a file to any folder on the server. 3) Upload a trojan. 4) Steal credit card numbers, and other hidden information. If the iHTML Merchant is being run on UNIX, the possibility exists that the web site could be altered. These findings reflect the default settings for 95/98/NT and iHTML Merchant. Fix --- Below is a temporary fix that can be integrated with iHTML Merchant. <!--- http://www.team-asylum.com --> <iEQ name="brac" value=<iSTRIN SRC=":email" DST="<">> <iIF NOTCOND=<iSTRNICMP SRC=:brac DST="0">> For security reasons, your message was not sent.<br>Please verify that you entered your email address correctly, by going <a href="javascript:history.back(1)">back</a><br> <iinclude name="template/footer.ihtml"> <iSTOP> </iIF> <!--- Fix by: Dave Meehan --> Final Notes ----------- This vulnerability exists because of the way the iHTML Merchant was written but is compounded by faulty NT security settings. Team Asylum has notified Inline Internet Systems but have received no response whatsoever.
Current thread:
- [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Marc SPARC (Sep 23)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Tymm Twillman (Sep 26)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Solar Designer (Sep 27)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Dan Astoorian (Sep 27)
- ufsdump problem under Solaris 2.6 with ufs.c posix (Sep 27)
- Re: ufsdump problem under Solaris 2.6 with ufs.c Carson Gaspar (Sep 29)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Sean-Paul Rees (Sep 27)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Valdis.Kletnieks () VT EDU (Sep 27)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Alan Cox (Sep 28)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Mike Iglesias (Sep 28)
- Team Asylum: iHTML Merchant Vulnerabilities Team Asylum (Sep 28)
- Team Asylum: Yahoo! Messenger DoS Team Asylum (Sep 28)
- Sun's TTSESSION Vulnerability Bauer, Rich (Sep 29)
- Re: Sun's TTSESSION Vulnerability Richard L. Goerwitz (Sep 29)
- WWWBoard Elias Levy (Sep 29)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Sylvain Robitaille (Sep 29)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Dan Astoorian (Sep 29)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Sylvain Robitaille (Sep 29)
- Historical Bugtraq Question Alfred Huger (Sep 30)
- Microsoft Security Bulletin (MS99-041) Aleph One (Sep 30)
- mini-sql Buffer Overflow gregory duchemin (Sep 30)
- ufsdump problem under Solaris 2.6 with ufs.c posix (Sep 27)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Tymm Twillman (Sep 26)