SecurityTracker.com
Category:   Application (Commerce)  >   a.shopKart
Vendors:   URLogy
a.shopKart Default Installation Discloses Database to Remote Users
SecurityTracker Alert ID:  1009549
SecurityTracker URL:  http://securitytracker.com/id/1009549
CVE Reference:   CVE-2006-2823
Updated:  Jun 9 2006
Original Entry Date:  Mar 24 2004
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 2.0
Description:   CyberTalon reported a configuration vulnerability in the default installation of a.shopKart. A remote user can download the database, including user and credit card information.

It is reported that the default installation places the shopping cart database in the 'admin' directory in the web document directory. A remote user can download the database with the following type of URL:

http://[target]/admin/scart.mdb

Impact:   A remote user can download the shopping cart database to obtain user information, including credit card numbers.
Solution:   The vendor's installation instructions note that the administrator should restrict access to the admin folder.
Vendor URL:  www.urlogy.com/asp/ashopkart.asp
Cause:   Access control error, Configuration error
Underlying OS:  Windows (Any)

Message History:   None.
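
A log check for the exposure described above, as an added example that is not part of the SecurityTracker entry or the vendor's material: it scans IIS W3C extended logs for successful GET requests for Access database files such as /admin/scart.mdb. The logged field set, the extension list and the sample log lines are assumptions constructed for illustration.

```python
from urllib.parse import unquote

# Assumption: file extensions that should never be served from the web root.
DB_EXTENSIONS = (".mdb", ".accdb")

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-bytes
2004-03-24 10:01:02 192.0.2.10 GET /default.asp 200 5120
2004-03-24 10:01:09 198.51.100.7 GET /admin/scart.mdb 200 1048576
2004-03-24 10:02:11 198.51.100.7 GET /admin/SCART%2Emdb 200 1048576
2004-03-24 10:03:40 203.0.113.5 GET /admin/scart.mdb 401 0
2004-03-24 10:04:00 203.0.113.5 HEAD /admin/scart.mdb 200 0
"""


def find_db_downloads(log_text):
    """Return one dict per GET request that was answered with a database file."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated entry
        row = dict(zip(fields, values))
        # Decode %-escapes and fold case so /admin/SCART%2Emdb still matches.
        path = unquote(row.get("cs-uri-stem", "")).lower()
        if not (row.get("cs-method") == "GET" and path.endswith(DB_EXTENSIONS)
                and row.get("sc-status") in ("200", "206")):
            continue  # denied, non-GET, or unrelated request
        size = row.get("sc-bytes", "")
        hits.append({
            "when": f"{row.get('date', '')} {row.get('time', '')}".strip(),
            "client": row.get("c-ip"),
            "path": path,
            "bytes": int(size) if size.isdigit() else None,
        })
    return hits


if __name__ == "__main__":
    for hit in find_db_downloads(SAMPLE_LOG):
        print(hit)
```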


 Source Message Contents

Subject:  a.shopKart 2.0 lets remote users download the database


            a.shopKart 2.0 lets remote users download the database
                           Found by: CyberTalon

1. Problem
2. Exploit
3. Info

1. a.shopKart 2.0 lets remote users download the database which contains credit card 
numbers and information, plus more.

2. www.site.com/admin/scart.mdb

3. Vendor URL: http://www.urlogy.com/asp/ashopkart.asp

-CT

 
 



Copyright 2020, SecurityGlobal.net LLC