Sorry If already known, 1st post.. Even worse than this, check the Admin directory.. ugh. Seems as though you can configure the system without any type of password or authentication. *sigh* x2 -hevn ----- Original Message ----- From: Joe <joeat_private> To: <BUGTRAQat_private> Sent: Friday, April 23, 1999 7:15 PM Subject: Re: Shopping Carts exposing CC data > On Fri, 23 Apr 1999, Bo Elkjaer wrote: > > > This is my first post to Bugtraq so please bear with me for any errs and/or > > misconducts. > > > > I'd just like to point out, that Webcart is vulnerable too. > > > > Here goes: > > > > > > Mountain Network Systems Inc. http://www.mountain-net.com > > Platform: ? > > Exposed Directories: /config, /orders (and others. They're all listed in > > config-file) > > Exposed Order Info: orders.txt > > Exposed Config Info: mountain.cfg > > Number of exposed installs: 18+ at a quick glance. Probably more. > > PGP Option Available?: Unknown > > Status: Commercial, ranging from $399 to $4650. > > > > > > Bo Elkjaer, Denmark > > > > Confirmed it, sent a heads-up to mountain-net. Worse, look for > "import.txt" and "checks.txt" Import.txt includes every order ever made > on the site in a tab-delimited format. > > *sigh* > > -- > Joe H. Technical Support > General Support: supportat_private Blarg! Online Services, Inc. > Voice: 425/401-9821 or 888/66-BLARG http://www.blarg.net
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:43:43 PDT