On Fri, Apr 14, 2000 at 11:09:47AM -0400, tombow decided:
> if installing a backdoor in the cart software wasn't bad enough.. the
> whole implementation of pricing and adding items to cart is crap..
>
> example form to add items to your cart (kindly provided on the publishers
> site using the demo cart they set up for us):
>
> *snip*
>
> I am aware this was posted a few months ago but I don't recall anyone
> posting in relation to this particular software package..
>
> tom
I too have looked at the software and would like to add my findings:
There are numerous variables you can add to the URL to retrieve interesting
information:
(http://www.domain.com/cgi-bin/cart.pl?xxx) where xxx =
vars - will give you the setup variables for the software; an interesting thing
to note is that about 3/4 down the page there is a login ID and security (password) for CC
transactions?
env - lists environment variables
and my personal favorite
db - Let me explain this one a bit
This works differently on the numerous versions. So do a 'vars' and look for a
string called "query_separator" (usually a | or =). Then do this:
site.com/path-to/cart.pl?db|filename|All%20Items (i.e.
http://www.target.com/cgi-bin/cart.pl?db|cart.pl|All%20Items)
This will open the file for reading.. I haven't got it to successfully open
things in "recursive" paths (i.e. ../../../etc/passwd), but it does seem to
indicate whether a certain file exists or not.
Also of note:
the All%20Items part can be substituted by your favorite HTML tags, to create a
custom viewing experience ;)
Have fun.
--
Randy Janinda
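As an added example (not code from the original post or from the cart software), a small Python check that flags cart.pl requests in a web server access log whose query string has one of the shapes discussed above: bare 'vars', bare 'env', or 'db' followed by the query_separator and a file name, with a separate label when that file name contains a traversal. The log lines and the /cgi-bin/cart.pl path are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the original post); the
# first three mirror the query shapes described above, the last is benign.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Apr/2000:11:12:01 -0400] "GET /cgi-bin/cart.pl?vars HTTP/1.0" 200 8132
10.0.0.5 - - [14/Apr/2000:11:12:09 -0400] "GET /cgi-bin/cart.pl?env HTTP/1.0" 200 1204
10.0.0.5 - - [14/Apr/2000:11:12:30 -0400] "GET /cgi-bin/cart.pl?db|..%2F..%2Fetc%2Fpasswd|All%20Items HTTP/1.0" 200 512
10.0.0.9 - - [14/Apr/2000:11:13:02 -0400] "GET /cgi-bin/cart.pl?add=1&item=42 HTTP/1.0" 200 2210
"""

# Common-log-format prefix: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)

# Query shapes from the post: bare 'vars' or 'env' (config/environment dump),
# and 'db' + query_separator ('|' or '=') + file name (file read).
INFO_LEAK_RE = re.compile(r'^(vars|env)$')
DB_READ_RE = re.compile(r'^db[|=](?P<file>[^|=]*)')

def classify_query(query):
    """Return a finding label for a cart.pl query string, or None if benign."""
    q = unquote(query)  # decode %2F, %20 etc. before matching
    if INFO_LEAK_RE.match(q):
        return f"config-leak:{q}"
    m = DB_READ_RE.match(q)
    if m:
        target = m.group('file')
        if '../' in target or target.startswith('/'):
            return f"file-read-traversal:{target}"
        return f"file-read:{target}"
    return None

def scan_log(text):
    """Return a list of (ip, timestamp, label) for each suspicious cart.pl request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m.group('url').partition('?')
        if not path.endswith('/cart.pl'):
            continue
        label = classify_query(query)
        if label:
            findings.append((m.group('ip'), m.group('ts'), label))
    return findings

if __name__ == '__main__':
    for finding in scan_log(SAMPLE_LOG):
        print(*finding)
```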