
MS-Commerce.txt
Posted Mar 23, 2006
Authored by Dimitri van de Giessen

It is possible to bypass authentication in Microsoft Commerce Server pre SP2

tags | advisory
SHA-256 | 896846e873ec1a1bb9b4e70032331be7942f1231cfd48459e53fb076624b6f45

Microsoft Commerce Server 2002:
Log on as a known user with a false password


Vulnerable:

Microsoft
Windows Server 2000/2003
+ Internet Information Server 5/6
+ Commerce Server 2002


Discussion:

Microsoft Commerce Server is used by companies that want to give customers
the opportunity to change their own details on the internet or to buy
products.
Companies that use it are e-commerce sites or interactive companies.

The problem lies in the sample files of "authfiles". If you build your own
Solution Site in Commerce Server and the "authfiles" are installed on your
server, you are vulnerable to successful user logons using false passwords.

If you know a username (some sites use an e-mail address), go to
http://site/authfiles/login.asp (some sites have it in another directory)
and enter the username and a false password, you get an error.

After the error, you go with the same browser to the directory root of the
site, http://site/. You get another error, and if you go to the site again
you are logged on as the entered user.


Vendor Response time:

31-03-2003 - First contact
26-08-2003 - Fixed in SP2


Status:

Fixed by Microsoft

Download & Install Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=58e6d658-cc3e-4846-8ef7-264e6eeb4c1e

-- Quote Readme.htm --

A fix for a security issue reported by Dimitri van de Giessen

-- End Quote Readme.htm --

Microsoft had also already published a warning before Service Pack 2 was released:
http://msdn.microsoft.com/library/en-us/csvr2002/htm/cs_se_securityconcepts_cbgw.asp?frame=true#cs_se_securecode_viuy

-- Quote Microsoft --

Solution Sites AuthFiles Folder: Remove Directory

The Solution Sites include a folder called AuthFiles. You can use the files
in this folder if you want to integrate AuthFilter into your site.

If you do not want to use AuthFilter, you must remove the AuthFiles
directory or remove the permissions from the directory. If you do not, your
site will be a security risk.

-- End Quote Microsoft --
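
A detection sketch for the sequence described in the Discussion, added here as an example and not part of the original advisory or of any Microsoft tooling: it scans IIS W3C extended logs for requests to an AuthFiles login.asp followed by repeated requests for the site root from the same client. The log lines are constructed, and the 10-minute window, the two-hit threshold and the assumption that the site root is logged as "/" are choices made for this example.

```python
from datetime import datetime, timedelta

# Constructed IIS W3C extended log lines (documentation IPs), not from the advisory.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem
2003-04-02 10:00:01 192.0.2.10 GET /default.asp
2003-04-02 10:00:05 192.0.2.44 POST /AuthFiles/login.asp
2003-04-02 10:00:09 192.0.2.44 GET /
2003-04-02 10:00:12 192.0.2.44 GET /
2003-04-02 10:05:00 192.0.2.77 POST /shop/authfiles/login.asp
2003-04-02 11:30:00 192.0.2.77 GET /
2003-04-02 11:30:04 192.0.2.77 GET /
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(row["date"] + " " + row["time"],
                                          "%Y-%m-%d %H:%M:%S")
            yield row

def audit(text, window=timedelta(minutes=10), min_root_hits=2):
    """Return (AuthFiles login paths seen, clients matching the described sequence).

    Assumes log entries are in chronological order, as IIS writes them.
    """
    paths, last_login, root_hits = set(), {}, {}
    for r in parse_w3c(text):
        ip, stem = r["c-ip"], r["cs-uri-stem"].lower()
        if stem.endswith("/authfiles/login.asp"):
            paths.add(stem)
            last_login[ip] = r["ts"]
            root_hits[ip] = 0  # restart the count at each login attempt
        elif stem == "/" and ip in last_login and r["ts"] - last_login[ip] <= window:
            root_hits[ip] += 1
    suspects = sorted(ip for ip, n in root_hits.items() if n >= min_root_hits)
    return paths, suspects

if __name__ == "__main__":
    paths, suspects = audit(SAMPLE_LOG)
    print("AuthFiles login pages requested:", sorted(paths))
    print("Clients to review:", suspects)
```

Any path in the first result means an AuthFiles folder is still being requested on the site, which is the folder Microsoft's guidance above says to remove or lock down when AuthFilter is not in use. The second result is a triage list only, since a legitimate user who mistypes a password and then browses to the home page produces the same pattern.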


Contact:

Dimitri van de Giessen
E-mail d.vd.giessen@xs4all.nl
Tel. number: +31622607367 (The Netherlands)

