Vulnerability Development mailing list archives
Security holes in COWS (CGI Online Worldweb Shopping)
From: frog frog <leseulfrog () hotmail com>
Date: 21 Jan 2002 16:57:36 -0000
There are some holes in the CGI e-commerce service COWS (CGI Online Worldweb Shopping).

/diagnose.cgi and /compatible.cgi give some information about the computer and all the files in the website directory. They can also be used for cross-site scripting: /diagnose.cgi?<script>MALICIOUS SCRIPT</script> or /compatible.cgi?<script>MALICIOUS SCRIPT</script>.

In the "cownsconf" directory, the file config.asc contains the encrypted admin password (which can maybe be used with cookies), the website location on the HD, the "orders" directory, the "custdata" directory,...

In the custdata directory are a few *.asc files. They contain users' information: email, name, address, phone and password. The user's login is the file name.

In the orders directory are the purchases of the members: Username, Date, Card Type, Card Expires, Card Valid, price,... To know what was bought, look up the "item.1" value in /*cowsconfdir*/catalog.asc .

Some details about all this (in French) here: http://www.bal-team.t2u.com/Tuts/Cows.txt .

COWS has been warned.

frog-m@n
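For site operators reviewing their own logs, the following added example (not part of the original post and not COWS code) flags access-log lines that match the requests described above. It assumes Common Log Format, matches the directory names anywhere in the path because the post does not give the install layout, and uses constructed sample lines.

```python
import re
from urllib.parse import unquote, urlsplit

# Names taken from the post; the log format and matching rules are assumptions.
DIAG_SCRIPTS = ("/diagnose.cgi", "/compatible.cgi")
DATA_DIRS = ("cownsconf", "custdata", "orders")
MARKUP = re.compile(r"[<>]|javascript:", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jan/2002:17:01:02 +0000] '
    '"GET /diagnose.cgi?%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.0" 200 5120',
    '192.0.2.10 - - [21/Jan/2002:17:01:09 +0000] '
    '"GET /custdata/jdoe.asc HTTP/1.0" 200 311',
    '198.51.100.7 - - [21/Jan/2002:17:03:40 +0000] '
    '"GET /orders/example-order HTTP/1.0" 403 210',
    '198.51.100.7 - - [21/Jan/2002:17:03:55 +0000] '
    '"GET /index.html HTTP/1.0" 200 900',
]

def classify(line):
    """Return finding labels for one access-log line (empty list if clean)."""
    m = REQUEST.search(line)
    if not m:
        return []
    target, status = m.group(1), m.group(2)
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    # Decode twice so double-encoded markup (%253C) is also seen.
    query = unquote(unquote(parts.query))
    findings = []
    if path.endswith(DIAG_SCRIPTS):
        # Any hit is worth a look: these scripts disclose host and file info.
        findings.append("diagnostic-script-request")
        if MARKUP.search(query):
            findings.append("markup-in-query")
    # A data directory appearing as a path component means the web server
    # was asked for a file that should never be reachable over HTTP.
    if any(d in path.split("/")[:-1] for d in DATA_DIRS):
        findings.append("data-file-served" if status == "200" else "data-file-probed")
    return findings

def scan(lines):
    """Map line index -> findings for every line with at least one finding."""
    return {i: f for i, f in enumerate(map(classify, lines)) if f}

if __name__ == "__main__":
    for idx, found in scan(SAMPLE_LOG).items():
        print(idx, ", ".join(found))
```

A "data-file-served" result means the file was returned with status 200, so the configuration, customer or order data in it should be treated as disclosed.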