Multiple Vendor e-commerce Shopping Cart Information Disclosure Vulnerability
BID:2299
Info
Multiple Vendor e-commerce Shopping Cart Information Disclosure Vulnerability
| Bugtraq ID: | 2299 |
| Class: | Environment Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 1999 12:00AM |
| Updated: | May 31 2007 07:01PM |
| Credit: | Reported to bugtraq by Joe <[email protected]> on Mon Apr 19, 1999. |
| Vulnerable: |
Selena Sol WebStore 1.0 Seaside Enterprises EZMall 2000.0 Quikstore Quikstore 2.11 Quikstore Quikstore 2.10.5 Quikstore Quikstore 2.9.10 Quikstore Quikstore 2.9.5 Quikstore Quikstore 2.0 Quikstore Quikstore 1.0 Perlshop Pershop 0 PDGSoft Shopping Cart 1.50 Order Form Order Form 1.2 Mountain Network Systems Inc. WebCart 1.0 Mercantec SoftCart 1.0 Cybercash Cybercash 2.4.1 |
| Not Vulnerable: | |
Discussion
Multiple Vendor e-commerce Shopping Cart Information Disclosure Vulnerability
Multiple ecommerce products are prone to an information-disclosure issue.
The affected packages may not have been properly configured and maintained. Key records are created unencrypted and world-readable. As a result, an attacker exploiting this vulnerability will be able to obtain detailed private customer information, including credit card numbers, order details, addresses, telephone numbers, etc.
Multiple ecommerce products are prone to an information-disclosure issue.
The affected packages may not have been properly configured and maintained. Key records are created unencrypted and world-readable. As a result, an attacker exploiting this vulnerability will be able to obtain detailed private customer information, including credit card numbers, order details, addresses, telephone numbers, etc.
Exploit / POC
Multiple Vendor e-commerce Shopping Cart Information Disclosure Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Multiple Vendor e-commerce Shopping Cart Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Multiple Vendor e-commerce Shopping Cart Information Disclosure Vulnerability
References:
References:
- Merchant Order Form - WebWare (The Rainbow Garden)
- PDGSoft's PDG Shopping Cart (PDGSoft)
- QuikStore Web Page (QuikStore)
- Seaside Enterprises EZMall 2000 (Seaside Enterprises EZMall 2000)
- Vendor Homepage (Mercantec)
- WebStore Product Homepage (Extropia)