SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Commerce)  >   CGI Online Worldweb Shopping (COWS) Vendors:   Surfnet Online Limited
CGI Online Worldweb Shopping (COWS) E-Commerce System Discloses User Information and Order Data to Remote Users and Also Permits Cross-site Scripting Attacks
SecurityTracker Alert ID:  1003309
SecurityTracker URL:  http://securitytracker.com/id/1003309
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 21 2002
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network
Exploit Included:  Yes  

Description:   Several vulnerabilities were reported in the CGI Online Worldweb Shopping (COWS) commerce system. The system discloses some critical information to remote users and the system enables cross-site scripting attacks.

It is reported that the /diagnose.cgi and /compatible.cgi scripts will disclose files in the web directory and information about the system to remote users.

A remote user can reportedly obtain the 'config.asc' file from the 'cownsconf' directory, which contains the encrypted admin password and the location of the web root directory and other critical directories (e.g., 'orders', 'custdata'). A remote user can apparently view *.asc files in the 'custdata' directory containing user information (e.g., e-mail address, name, postal address, phone number, password). A remote user can apparently view information about previous orders (e.g., username, date, card type, card expiration data, price) in the 'orders' directory.

These scripts also reportedly allow a remote user to supply malicious scripts as part of a cross-site scripting attack. The following type of URLs can be used to execute scripts on the viewing user's browser:

/diagnose.cgi?<script>MALICIOUS SCRIPT</script>

/compatible.cgi?<script>MALICIOUS SCRIPT</script>

The vendor has reportedly been notified.

Impact:   A remote user can view files on the system that contain critical and sensitive information. A remote user can also conduct cross-site scripting attacks using the web site so that arbitrary code appearing to originate from the commerce web site can be executed on another user's browser, where the code can access the other user's cookies associated with the commerce site.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.cows.co.uk/ (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Underlying OS Comments:  Perl-based

Message History:   None.


 Source Message Contents

Subject:  Security holes in COWS (CGI Online Worldweb Shopping)




There is some holes in the CGI e-commerce 
service : COWS (CGI Online Worldweb Shopping).
/diagnose.cgi and /compatible.cgi give some 
informations about the computer
and all the files in the website directory.
They can be used too for cross site scripting :
/diagnose.cgi?&lt;script&gt;MALICIOUS SCRIPT&lt;/script&gt;
or
/compatible.cgi?&lt;script&gt;MALICIOUS 
SCRIPT&lt;/script&gt;.

In the &quot;cownsconf&quot; directory, the file config.asc 
contains the crypted admin password
(wich can be maybe used with cookies), the website 
location in HD, the &quot;orders&quot; directory,
the &quot;custdata&quot; directory,...

In the custdata directory are a few *.asc files.
They contain user's informations :
email, name, address, phone and password.
The user's login is the file name.

In the orders directory, the purchases of the 
members :
Username, Date, Card Type, Card Expires, Card 
Valid, price,...
To know what was bought, look the &quot;item.1&quot; value 
into /*cowsconfdir*/catalog.asc .

Some details about all this (in french) here : 
http://www.bal-team.t2u.com/Tuts/Cows.txt .

COWS has been warned.

frog-m@n

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC