Internet Message Format  |  1999-04-28  |  607 b 

Date: Tue, 27 Apr 1999 14:39:47 +0200
From: Bo Elkjaer <boo@DATASHOPPER.DK>
To: BUGTRAQ@netspace.org
Subject: Re: Shopping Carts exposing CC data

Been doing some more searches for misconfigured webcarts exposing cc-information.
Seems like a pandora's box, that just opened.

Perlshop is vulnerable too if misconfigured:

Version?
Platforms?
Executable file: perlshop.cgi
Exposed directory: /store/customers/, /store/temp_customers/
Exposed orderinfo: Several files, eight-digit numbered names.
Status: adverware. Only requirement is to display a "powered by perlshop"-logo on page.


Bo Elkjaer, Denmark
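For a shop operator checking their own server, the misconfiguration described in the post comes down to the order directories sitting inside the web server's document root. The following local audit is an added example, not part of the original post and not Perlshop code; the function names, the docroot argument, the `.htaccess` check and the sample tree are assumptions of the example.

```python
import os
import re
import tempfile

# Directory names and the eight-digit file naming come from the post above.
# The function names, the docroot argument and the .htaccess check are
# assumptions of this example.
ORDER_DIRS = ("store/customers", "store/temp_customers")
ORDER_FILE = re.compile(r"\d{8}")


def audit_docroot(docroot):
    """Report order directories that sit inside the web server's document root."""
    findings = []
    for rel in ORDER_DIRS:
        path = os.path.join(docroot, *rel.split("/"))
        if not os.path.isdir(path):
            continue  # not under the docroot: nothing is served from here
        names = os.listdir(path)
        orders = [n for n in names if ORDER_FILE.fullmatch(n)]
        # An .htaccess file is only a hint; the server may be set to ignore it.
        guarded = ".htaccess" in names
        findings.append({
            "dir": rel,
            "order_files": len(orders),
            "htaccess": guarded,
            "exposed": bool(orders) and not guarded,
        })
    return findings


def build_sample_tree(root):
    """Constructed sample layout: one unguarded and one guarded order directory."""
    for rel, files in (("store/customers", ["19990427", "19990428"]),
                       ("store/temp_customers", ["19990429", ".htaccess"])):
        d = os.path.join(root, *rel.split("/"))
        os.makedirs(d)
        for name in files:
            with open(os.path.join(d, name), "w") as fh:
                fh.write("constructed placeholder\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in audit_docroot(tmp):
            print(finding)
```

Any finding at all means order data is stored under the document root; moving those directories outside it removes the exposure regardless of per-directory access rules.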