exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

DST2K0035.txt

DST2K0035.txt
Posted Oct 5, 2000
Site delphisplc.com

Delphis Consulting Plc Security Team Advisory DST2K0035 - CyberOffice Shopping Cart v2 under Windows NT allows remote users to gain access to the main database by default.

tags | exploit, remote
systems | windows
SHA-256 | 2fdb02d8f7f55cff31711b7223807e7a893b7ff5a0a0d935904804fb84e55918

DST2K0035.txt

Change Mirror Download
============================================================================
Delphis Consulting Plc
============================================================================

Security Team Advisories
[22/09/2000]

securityteam@delphisplc.com
[http://www.delphisplc.com/thinking/whitepapers/]

============================================================================
Adv : DST2K0035
Title : Credit card (customer) details exposed within CyberOffice
Shopping Cart v2
Author : DCIST (securityteam@delphisplc.com)
O/S : Microsoft Windows NT 4 Server (SP5)
Product : CyberOffice Shopping Cart v2
Date : 22/09/2000

I. Description

II. Delphis Solution

III. Vendor Comments

IV. Disclaimer


============================================================================

I. Description
============================================================================

Vendor URL: http://www.smartwin.com.au/smartwin.htm

Delphis Consulting Internet Security Team (DCIST) discovered the following
vulnerability in CyberOffice Shopping Cart v2 under Windows NT.

Severity: high - Database access by default

It is possible with default installations (according to vendor instructions)
of CyberOffice to gain access to the database which holds information on
customer orders, details and credit card information. This data is held in
an unprotected and un-encrypted Microsoft Access Database.

example: http://127.0.0.1/_private/shopping_cart.mdb

By default the _private directory is world readable and accessable by any
anonymous web users. The vendor does however state in the documentation
that the /_private/ directory should not be browsable (i.e. if the file
name is known it can still be downloaded).

II. Delphis Solution
============================================================================

Vendor Status: Informed (See Section III.)

Currently Delphis recommend the following:

o Within IIS (Internet Information Server) manager set the directory
permissions to write but NOT read. This will enable users to update the
database as required by the application but not be able to download it.

-or-

o Migrate from Access to SQL

III. Vendor Comments
============================================================================

Yes SmartWin is aware of the problem from the begining since the release of
the program.

It is a shame that FrontPage does not automatically disable /_private from
browsing. In all of our documents we have stressed this point enough to
cause the ISP to take action to protect the folder. Because it is the ISP
who is required to ultimately fix the problem, the installation is powerless
in that regard.

In addition to the solutions you have given. These are the more common
actions:

1) Use IIS Managemant Console to disable the Read permission on the folder
(done by ISP)

2) Use FrontPage Explorer to disable the folder from being browsed (done by
the Web master)

3) Move the database to /fpdb (the database folder used by newer versions of
FrontPage).

How to protect databases from being directly downloaded is the problem that
every ISP faces everyday. SmartWin has given sufficient warning toward this
issue. It should NOT be classified as CyberShop's problem. We have given
warning through out the programs to bring users' attention to this potential
problem to let ISP to fix it (as only the administrator can fix the
permission).

Thanks for providing your research result to us.

Best Regards,

Yong CHEN
SmartWin Technology

IV. Disclaimer
============================================================================
THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT
THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR
IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE
PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR
CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE
PLACED ON, THIS INFORMATION FOR ANY PURPOSE.
============================================================================
This e-mail and any files transmitted with it are intended solely for the
addressee and are confidential. They may also be legally
privileged.Copyright in them is reserved by Delphis Consulting PLC
["Delphis"] and they must not be disclosed to, or used by, anyone other than
the addressee.If you have received this e-mail and any accompanying files in
error, you may not copy, publish or use them in any way and you should
delete them from your system and notify us immediately.E-mails are not
secure. Delphis does not accept responsibility for changes to e-mails that
occur after they have been sent. Any opinions expressed in this e-mail may
be personal to the author and may not necessarily reflect the opinions of
Delphis

Login or Register to add favorites

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    9 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close