Security holes in COWS (CGI Online Worldweb Shopping)
From: frog frog (leseulfrog@hotmail.com)Date: 01/21/02
- Previous message: Todd C. Miller: "Re: sudo segfaults on SIGINT during auth"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 21 Jan 2002 16:57:36 -0000 From: frog frog <leseulfrog@hotmail.com> To: vuln-dev@securityfocus.com('binary' encoding is not supported, stored as-is)
There is some holes in the CGI e-commerce
service : COWS (CGI Online Worldweb Shopping).
/diagnose.cgi and /compatible.cgi give some
informations about the computer
and all the files in the website directory.
They can be used too for cross site scripting :
/diagnose.cgi?<script>MALICIOUS SCRIPT</script>
or
/compatible.cgi?<script>MALICIOUS
SCRIPT</script>.
In the "cownsconf" directory, the file config.asc
contains the crypted admin password
(wich can be maybe used with cookies), the website
location in HD, the "orders" directory,
the "custdata" directory,...
In the custdata directory are a few *.asc files.
They contain user's informations :
email, name, address, phone and password.
The user's login is the file name.
In the orders directory, the purchases of the
members :
Username, Date, Card Type, Card Expires, Card
Valid, price,...
To know what was bought, look the "item.1" value
into /*cowsconfdir*/catalog.asc .
Some details about all this (in french) here :
http://www.bal-team.t2u.com/Tuts/Cows.txt .
COWS has been warned.
frog-m@n
- Previous message: Todd C. Miller: "Re: sudo segfaults on SIGINT during auth"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
