vuln to XSS too.. http://www.earlyimpact.com/productcart/build_to_order/productcart/pcadmin/manageCategories.asp
----- Original Message -----
From: "gyrniff" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, July 05, 2003 10:37 AM
Subject: Re: [Full-Disclosure] [Vulnerability] : ProductCart database file can be downloaded remotely

> URL:
> http://www.earlyimpact.com/productcart/build_to_order/productcart/pcadmin/Orddetails.asp?id=239
> Change the name Paul to Paul'
>
> Microsoft OLE DB Provider for ODBC Drivers
> error '80040e14'
> [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in
> query expression ''Paul'',lastName='Smith',customerCompany='Early Impact',
> address='3226 Colorado Ave', city='Santa Monica', zip='90004',
> stateCode='CA', CountryCode='US', phone='949 452 0062' WHERE idCustomer=115'.
> /productcart/build_to_order/productcart/pcadmin/processOrder.asp, line 36
>
> have a nice weekend ;-)
>
> On Saturday 05 July 2003 22:07, Tri Huynh wrote:
> > ProductCart database file can be downloaded remotely
> > =================================================
> >
> > PROGRAM: ProductCart
> > HOMEPAGE: http://www.earlyimpact.com/productcart/
> > VULNERABLE VERSIONS: 1.0 to 2.0
> > RISK: High
> >
> >
> > DESCRIPTION
> > =================================================
> >
> > ProductCart is an ASP shopping cart that combines sophisticated
> > ecommerce features with time-saving store management tools and remarkable
> > ease of use. It is widely used by many e-commerce sites.
> >
> > DETAILS
> > =================================================
> >
> > In the default installation, the ProductCart database file is located at
> > /productcart/database/EIPC.mdb, which can be accessed easily
> > by any remote attacker.
> >
> > Sample: http://victimhost/productcart/database/EIPC.mdb
> >
> > The database file includes the store administration password as well as
> > customers' info (including credit card info).
> >
> >
> > WORKAROUND
> > =================================================
> >
> > Rename the database file and put it in a protected directory.
> >
> >
> > CREDITS
> > =================================================
> >
> > Discovered by Tri Huynh from Sentry Union
> >
> >
> > DISCLAIMER
> > =================================================
> >
> > The information within this paper may change without notice. Use of
> > this information constitutes acceptance for use in an AS IS condition.
> > There are NO warranties with regard to this information. In no event
> > shall the author be liable for any damages whatsoever arising out of
> > or in connection with the use or spread of this information. Any use
> > of this information is at the user's own risk.
> >
> >
> > FEEDBACK
> > =================================================
> >
> > Please send suggestions, updates, and comments to: [EMAIL PROTECTED]
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
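A defender-side check for the two problems raised in this thread (direct requests for the Access database file, and quote-bearing requests to the pcadmin scripts that produce ODBC errors), written as an added example and not code from the original posts or from ProductCart. The log lines are constructed; the field layout follows IIS W3C extended logging, and the ProductCart paths are the ones named in the thread.

```python
import re
from urllib.parse import unquote

# Constructed sample of an IIS W3C extended log (not taken from the posts above).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-07-05 10:37:01 192.0.2.10 GET /productcart/database/EIPC.mdb - 200
2003-07-05 10:37:05 192.0.2.10 GET /productcart/pcadmin/Orddetails.asp id=239 200
2003-07-05 10:37:09 192.0.2.10 GET /productcart/pcadmin/processOrder.asp firstName=Paul%27&id=239 500
2003-07-05 10:38:00 198.51.100.7 GET /productcart/pc/viewCategories.asp idCategory=12 200
2003-07-05 10:38:30 198.51.100.7 GET /productcart/pcadmin/manageCategories.asp - 200
"""

# Any request under the database directory, or for any .mdb file, is a download attempt.
DB_PATH_RE = re.compile(r"^/productcart/database/|\.mdb$", re.IGNORECASE)


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields directive."""
    fields = None
    for raw in text.splitlines():
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]
            continue
        if not raw or raw.startswith("#") or fields is None:
            continue
        yield dict(zip(fields, raw.split(" ")))


def classify(entry):
    """Return the list of findings for one log entry (empty list when it looks benign)."""
    findings = []
    stem = entry["cs-uri-stem"]
    query = entry["cs-uri-query"]
    if DB_PATH_RE.search(stem):
        findings.append("mdb-download")
    # Decode first so %27 and a literal quote are treated alike.
    if query != "-" and "'" in unquote(query):
        findings.append("quote-in-query")
    # A 500 from an admin script is what the ODBC syntax error in the thread looks like server-side.
    if stem.lower().startswith("/productcart/pcadmin/") and entry["sc-status"] == "500":
        findings.append("admin-asp-500")
    return findings


def scan(text):
    """Return (client ip, path, findings) for every entry that triggers at least one rule."""
    hits = []
    for entry in parse_w3c(text):
        findings = classify(entry)
        if findings:
            hits.append((entry["c-ip"], entry["cs-uri-stem"], findings))
    return hits
```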
