Re: Shopping Carts exposing CC data

From: Bo Elkjaer (booat_private)
Date: Sun Apr 25 1999 - 04:38:43 PDT

Next message: Valdis.Kletnieksat_private: "Re: stored credentials was: Netscape 4.5 vulnerability"

Previous message: William Devine II: "Re: FW: Shopping Carts exposing CC data (fwd from Mountain-Net"
Maybe in reply to: Joe: "Shopping Carts exposing CC data"
Next in thread: Bo Elkjaer: "Re: Shopping Carts exposing CC data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Joe
Your CC-exposures are gaining momentum. Right now I'm only waiting for the
mainstream papers to catch up. I'm a journalist myself, working for one of
Denmarks largest newspapers, but my boss don't think this is interesting stuff.
Heh. Asshole.

Found out some more:

Cybercash 2.1.4 - http://www.cybercash.com
Platforms: Sparc?
Exposed directory: /smps-2.1.4-solaris-sparc/
Exposed orderinfo: Several files, as far as I can see. Many are located in the
/db/credit directory.
Whats worse: Exposed admin-password and configuration-files: admin.pw and
admin.conf.
Status: commercial.

I seem to remember that Cybercash was mentioned on this list a while ago because
of a bug in the debug configuration which meant that you couldn't disable full
debugging. Not sure though, and my memory has a record of leakages.

Bo Elkjaer, Denmark

Next message: Valdis.Kletnieksat_private: "Re: stored credentials was: Netscape 4.5 vulnerability"
Previous message: William Devine II: "Re: FW: Shopping Carts exposing CC data (fwd from Mountain-Net"
Maybe in reply to: Joe: "Shopping Carts exposing CC data"
Next in thread: Bo Elkjaer: "Re: Shopping Carts exposing CC data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:43:52 PDT