SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Commerce)  >   MyCart Vendors:   Rosenet Internet Services
MyCart Discloses Configuration File to Remote Users
SecurityTracker Alert ID:  1012752
SecurityTracker URL:  http://securitytracker.com/id/1012752
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 3 2005
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Security .Net Information reported a vulnerability in MyCart. A remote user can view the configuration file.

A remote user can directly request the 'settings.ini' file, which includes database passwords and other potentially sensitive system information.

Some demonstration exploit URLs are provided:

http://[target]/cart/settings.ini
http://[target]/path_to_cart/settings.ini

Impact:   A remote user can access the shopping cart configuration file.
Solution:   A fixed version (version as of March 19, 2001) is available at:

http://glandrake.com/scripts/php/rosenet/mod2_cart.tgz

[Editor's note: It is not clear if the original Rosenet Internet Services version contains the vulnerability or if the vulnerability was introduced in a 3rd party modification. The Rosenet site now points to AppIdeas. The version (2.0) available from AppIdeas does not contain a 'settings.ini' file and, therefore, is not affected.]

Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  MyCart Discloses settings information to Remote Users


Security .Net Information Advisore 
snilabs@gmail.com

General:

MyCart Discloses settings information to Remote Users 

Problem Description:

MyCart Discloses settings information to Remote Users in the file settings.ini
This file  contains in plain text (O_O):

Information about company
Web Address and email addrress
Info of path Mycart
Database info included Hostname Username Password and more
Credit Card info
... plus more.

ej:

Company Name:=:$gCompany:=:XXXX (for Privacity)
Address Line 1:=:$gAddress1:=:XXXX (for Privacity)
Web Address:=:$gWeb:=:XXXX (for Privacity)k
Email Address:=:$gEmail:=:XXXX (for Privacity)
WebSite Hostname:=:$gWebSiteHost:=:XXXX (for Privacity)
Relative Cart Root:=:$gRelCartRoot:=:XXXX (for Privacity)
Absolute Cart Root:=:$gAbsCartRoot:=:XXXX (for Privacity)
Relative Cart Pictures:=:$gRelCartPics:=:XXXX (for Privacity)
Absolute Cart Pictures:=:$gAbsCartPics:=:XXXX (for Privacity)
Database Hostname:=:$gDBHost:=:XXXX (for Privacity)
Database Username:=:$gDBUser:=:XXXX (for Privacity)
Database Password:=:$gDBPass:=:XXXX (for Privacity)
Database Name:=:$gDBName:=:XXXX (for Privacity)

Proof Of Concept:

the file settings.ini can downloaded from remote users:

http://target.com/cart/settings.ini
http://target.com/path_to_cart/settings.ini

the info is in plain text (lol)

Sumary:

Discovered: 30 / 21 / 2004
Vendor Contacted: yes but not response
Public: 01 / 01 / 2005

Greetz: mm nothing greetz only for : Santa Cruz - Argentina :P , sorry
foor my poor english
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC