Can somebody find a Shopping Cart that does NOT expose customer credit card data? Perlshop (www.arpanet.com/PerlShop) is also vulnerable; add another one to the growing list of e-commerce products.
5c44b4ddbe285c59f6bda948f7cbf194a152852eada3cb25dd9bc4badadc2c38
Date: Tue, 27 Apr 1999 14:39:47 +0200
From: Bo Elkjaer <boo@DATASHOPPER.DK>
To: BUGTRAQ@netspace.org
Subject: Re: Shopping Carts exposing CC data
Been doing some more searches for misconfigured webcarts exposing cc-information.
Seems like a pandora's box, that just opened.
Perlshop is vulnerable too if misconfigured:
Version?
Platforms?
Executable file: perlshop.cgi
Exposed directory: /store/customers/, /store/temp_customers/
Exposed orderinfo: Several files, eight-digit numbered names.
Status: adverware. Only requirement is to display a "powered by perlshop"-logo on
page.
Bo Elkjaer, Denmark