SecurityTracker.com

Category:   Application (Commerce)  >   PDshopPro
Vendors:   PageDown Technology
PDshopPro Shopping Cart Discloses Database to Remote Users
SecurityTracker Alert ID:  1016852
SecurityTracker URL:  http://securitytracker.com/id/1016852
CVE Reference:   CVE-2006-5197
Updated:  Oct 20 2006
Original Entry Date:  Sep 15 2006
Impact:   Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes

Description:   supermalhacao of spykids reported a configuration vulnerability in PDshopPro. A remote user can download the database.

When the system is not properly configured, a remote user can request resources of the following type to access the underlying shopping cart database:

/pdshoppro.mdb

/data/pdshoppro.mdb

/shoppro/data/pdshoppro.mdb

[Editor's note: The vendor's documentation clearly indicates that the database file should be protected using web server access controls. Only systems that have failed to properly configure web server access controls on the database file are affected.]

Impact:   A remote user can view the underlying database.
Solution:   The vendor's documentation recommends that the 'data' directory be a private or secure directory. Only sites that are not properly configured are affected.
Vendor URL:  www.pagedowntech.com/products/
Cause:   Configuration error
Underlying OS:  Windows (Any)

Message History:   None.
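
To determine whether a site with an unprotected 'data' directory actually served the database, review the web server logs for .mdb requests that were answered with content. The following Python is an added example, not part of the advisory or the vendor's code; it assumes IIS W3C extended logs with a #Fields header, and the function name and sample log lines are constructed for illustration.

```python
# Constructed sample of an IIS W3C extended log (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-bytes
2006-09-15 10:01:02 192.0.2.10 GET /shoppro/default.asp 200 5120
2006-09-15 10:01:09 192.0.2.44 GET /data/pdshoppro.mdb 200 1048576
2006-09-15 10:01:15 192.0.2.44 GET /pdshoppro.mdb 404 1795
2006-09-15 10:02:30 198.51.100.7 GET /shoppro/data/PDSHOPPRO.MDB 403 218
2006-09-15 10:03:00 198.51.100.7 GET /shoppro/data/pdshoppro.mdb 206 65536
"""

KEEP = ("date", "time", "c-ip", "cs-uri-stem", "sc-status", "sc-bytes")


def find_mdb_requests(log_text):
    """Return (served, blocked): .mdb requests answered with content vs. refused."""
    fields, served, blocked = [], [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout may change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # skip truncated or malformed entries
        row = dict(zip(fields, parts))
        # Compare case-insensitively: Windows file names are not case-sensitive.
        if not row.get("cs-uri-stem", "").lower().endswith(".mdb"):
            continue
        entry = {k: row.get(k, "-") for k in KEEP}
        # 200 = full download, 206 = partial (ranged) download.
        if row.get("sc-status") in ("200", "206"):
            served.append(entry)
        else:
            blocked.append(entry)
    return served, blocked


if __name__ == "__main__":
    served, blocked = find_mdb_requests(SAMPLE_LOG)
    for e in served:
        print("DATABASE SERVED:", e["date"], e["time"], e["c-ip"],
              e["cs-uri-stem"], e["sc-status"], e["sc-bytes"], "bytes")
    print(len(blocked), "request(s) for .mdb files were refused")
```

Any entry in the served list means the access controls recommended in the vendor's documentation were not in effect at that time, and the customer data in the database should be treated as disclosed.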


 Source Message Contents

Subject:  Vulnerability PDshop Shopping Cart & Store

Vulnerability PDshop Shopping Cart & Store

Vendor Confirmed:  Yes

Platforms: Web Server for Windows 98/NT/2000/XP

Complete ecommerce system

Download mdb server no protection

/pdshoppro.mdb

/data/pdshoppro.mdb

/shoppro/data/pdshoppro.mdb

Download MDBS protection cryptography

supermalhacao@terra.com.br

#spykids

irc.GigaChat.net

 
 
 

