Security holes in COWS (CGI Online Worldweb Shopping)

From: frog frog (leseulfrogat_private)
Date: Mon Jan 21 2002 - 08:57:36 PST


    
    There are some holes in the CGI e-commerce service COWS (CGI Online Worldweb Shopping).
    /diagnose.cgi and /compatible.cgi give some information about the computer
    and all the files in the website directory.
    They can also be used for cross-site scripting:
    /diagnose.cgi?<script>MALICIOUS SCRIPT</script>
    or
    /compatible.cgi?<script>MALICIOUS SCRIPT</script>.
    
    In the "cownsconf" directory, the file config.asc contains the crypted admin password
    (which can maybe be used with cookies), the website location on the HD,
    the "orders" directory, the "custdata" directory,...
    
    In the custdata directory are a few *.asc files.
    They contain users' information:
    email, name, address, phone and password.
    The user's login is the file name.
    
    In the orders directory are the purchases of the members:
    Username, Date, Card Type, Card Expires, Card Valid, price,...
    To know what was bought, look up the "item.1" value
    in /*cowsconfdir*/catalog.asc .
    
    Some details about all this (in French) here:
    http://www.bal-team.t2u.com/Tuts/Cows.txt .
    
    COWS has been warned.
    
    frog-m@n
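
A defender-side check for the issues described in this post, as an added example that is not part of the original message or of COWS: it classifies web-server access-log lines that touch the two diagnostic scripts or request *.asc data files. The Common Log Format, the finding names and the sample lines (constructed, with documentation IP addresses and made-up paths) are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Script names and the .asc extension come from the advisory; the log format
# and the finding names are assumptions of this added example.
DIAG_SCRIPTS = ("/diagnose.cgi", "/compatible.cgi")
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3})')
MARKUP_RE = re.compile(r"[<>\"']")  # characters that must never be echoed raw

# Constructed sample input (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jan/2002:09:00:01 -0800] "GET /cgi-bin/diagnose.cgi HTTP/1.0" 200 5120',
    '192.0.2.10 - - [21/Jan/2002:09:00:05 -0800] "GET /cgi-bin/compatible.cgi?%3Cscript%3Ex%3C/script%3E HTTP/1.0" 200 2048',
    '198.51.100.7 - - [21/Jan/2002:09:01:12 -0800] "GET /shop/custdata/alice.asc HTTP/1.0" 200 311',
    '198.51.100.7 - - [21/Jan/2002:09:01:15 -0800] "GET /shop/cownsconf/config.asc HTTP/1.0" 403 210',
    '203.0.113.5 - - [21/Jan/2002:09:02:00 -0800] "GET /index.html HTTP/1.0" 200 900',
]


def decode_fully(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return (client, status, findings) for one log line, or None if unparsable."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target, status = m.group(1), m.group(2), int(m.group(3))
    parts = urlsplit(target)
    path = decode_fully(parts.path).lower()
    query = decode_fully(parts.query)
    findings = []
    if path.endswith(DIAG_SCRIPTS):
        findings.append("diagnostic-script-access")   # information disclosure
        if MARKUP_RE.search(query):
            findings.append("markup-in-query")        # possible reflected XSS
    if path.endswith(".asc"):
        # A 200 means the data file was actually handed to the client.
        findings.append("data-file-served" if status == 200 else "data-file-request")
    return client, status, findings
```

A `data-file-served` finding means the store's data directories are reachable over HTTP; moving them outside the document root or denying access to them in the server configuration closes that path.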
    


