webcart.cc.txt

17 Aug 1999 00:00:00 | Reported by Packet Storm | Type: packetstorm | packetstormsecurity.com

Webcart exposes sensitive data, including order and config files, posing security risk for users.

Code
`Date: Fri, 23 Apr 1999 23:14:31 +0200  
From: Bo Elkjaer <[email protected]>  
To: [email protected]  
Subject: Re: Shopping Carts exposing CC data  
  
This is my first post to Bugtraq so please bear with me for any errs and/or  
misconducts.  
  
I'd just like to point out, that Webcart is vulnerable too.  
  
Here goes:  
  
  
Mountain Network Systems Inc. http://www.mountain-net.com  
Platform: ?  
Exposed Directories: /config, /orders (and others. They're all listed in  
config-file)  
Exposed Order Info: orders.txt  
Exposed Config Info: mountain.cfg  
Number of exposed installs: 18+ at a quick glance. Probably more.  
PGP Option Available?: Unknown  
Status: Commercial, ranging from $399 to $4650.  
  
  
Bo Elkjaer, Denmark  
  
---------------------------------------------------------------------------  
  
Date: Fri, 23 Apr 1999 17:15:00 -0700  
From: Joe <[email protected]>  
To: [email protected]  
Subject: Re: Shopping Carts exposing CC data  
  
On Fri, 23 Apr 1999, Bo Elkjaer wrote:  
  
> This is my first post to Bugtraq so please bear with me for any errs and/or  
> misconducts.  
>  
> I'd just like to point out, that Webcart is vulnerable too.  
>  
> Here goes:  
>  
>  
> Mountain Network Systems Inc. http://www.mountain-net.com  
> Platform: ?  
> Exposed Directories: /config, /orders (and others. They're all listed in  
> config-file)  
> Exposed Order Info: orders.txt  
> Exposed Config Info: mountain.cfg  
> Number of exposed installs: 18+ at a quick glance. Probably more.  
> PGP Option Available?: Unknown  
> Status: Commercial, ranging from $399 to $4650.  
>  
>  
> Bo Elkjaer, Denmark  
>  
  
Confirmed it, sent a heads-up to mountain-net. Worse, look for  
"import.txt" and "checks.txt". Import.txt includes every order ever made  
on the site in a tab-delimited format.  
  
*sigh*  
  
--  
Joe H. Technical Support  
General Support: [email protected] Blarg! Online Services, Inc.  
Voice: 425/401-9821 or 888/66-BLARG http://www.blarg.net  
  
---------------------------------------------------------------------------  
  
Date: Sat, 24 Apr 1999 03:37:32 +0200 (CEST)  
From: Anonymous <[email protected]>  
To: [email protected]  
Subject: Hole in Web Security  
  
E-commerce Boom Fueling Security Hole?  
http://www.thestandard.com/articles/display/0,1449,4307,00.html  
  
Expert Finds Hole in Shopping Carts  
http://www.zdnet.com/zdnn/stories/news/0,4586,2246537,00.html  
  
Expert Warns of Safety Glitch in Online-Shopping Software  
http://interactive.wsj.com/articles/SB924838677495215904.htm  
  
Online Credit Card Theft Reported  
http://www.latimes.com/HOME/BUSINESS/t000036381.1.html  
  
---------------------------------------------------------------------------  
  
Date: Fri, 23 Apr 1999 22:57:45 -0500  
From: hevnsnt <[email protected]>  
To: [email protected]  
Subject: Re: Shopping Carts exposing CC data  
  
  
Sorry If already known, 1st post..  
  
Even worse than this, check the Admin directory.. ugh. Seems as though you  
can configure the system without any type of password or authentication.  
*sigh* x2  
  
-hevn  
  
---------------------------------------------------------------------------  
  
Date: Sat, 24 Apr 1999 14:54:40 -0500  
From: William Devine II <[email protected]>  
To: [email protected]  
Subject: Re: FW: Shopping Carts exposing CC data (fwd from Mountain-Net  
  
Mountain Network Systems (www.mountain-net.com) makers of the  
WebCart system is a customer of ours. I received email from him after  
forwarding a copy of the messages on the bugtraq re: webcart.  
This is a reply I received from him.  
  
william  
  
Forwarded message:  
> From [email protected] Sat Apr 24 07:12:51 1999  
> Date: Sat, 24 Apr 1999 07:11:41 -0500  
> To: "William Devine, II" <[email protected]>  
> X-UIDL: 924983340.009  
> From: [email protected]  
> Subject: Re: FW: Shopping Carts exposing CC data  
>  
> Hi William,  
>  
> Can you tell me where the signup is or just post this message.  
>  
> Good Day,  
>  
> We noticed your comment regarding one of our systems. Please be informed  
> that we clearly state in the manuals how to secure your website when using  
> the WebCart(r) system. If the website owner elects not to take these steps  
> information will be exposed. This is not a reflection of the software but  
> the level of protection the website/store owner wants to give their clients.  
>  
> In terms of professional conduct, if you find issues such as these you  
> should contact the store owner and inform them of this. Not post their  
> website to everyone in a mailing list. You should also make sure you have all  
> related information prior to making such a bold statement. You have clearly  
> not read or had access to the manuals which describe in detail the steps to  
> take to  
> avoid this issue.  
>  
> Best Regards,  
> Dan  
>  
> At 17:07 4/23/99 -0500, you wrote:  
> >  
> >  
> >-----Original Message-----  
> >From: Bugtraq List [mailto:[email protected]] On Behalf Of Bo Elkjaer  
> >Sent: Friday, April 23, 1999 4:15 PM  
> >To: [email protected]  
> >Subject: Re: Shopping Carts exposing CC data  
> >  
> >  
> >This is my first post to Bugtraq so please bear with me for any errs and/or  
> >misconducts.  
> >  
> >I'd just like to point out, that Webcart is vulnerable too.  
> >  
> >Here goes:  
> >  
> >  
> >Mountain Network Systems Inc. http://www.mountain-net.com  
> >Platform: ?  
> >Exposed Directories: /config, /orders (and others. They're all listed in  
> >config-file)  
> >Exposed Order Info: orders.txt  
> >Exposed Config Info: mountain.cfg  
> >Number of exposed installs: 18+ at a quick glance. Probably more.  
> >PGP Option Available?: Unknown  
> >Status: Commercial, ranging from $399 to $4650.  
> >  
> >  
> >Bo Elkjaer, Denmark  
> >  
> >  
> >  
>  
> ------------------------------------------------------  
> Mountain Network Systems, Inc. (281) 373-1196  
> P.O. Box 1362 Cypress, TX 77429   
> "Your Internet Programming Source"  
>  
> http://www.mountain-net.com   
> http://www.inet-domains.net  
> http://www.webstores.net  
>  
> ------------------------------  
> Sales: [email protected]  
> Support: [email protected]  
> ------------------------------  
>  
> Specialist in Advanced Internet Systems . . . making your  
> website work for you all day everyday.  
>  
> Economists estimate a $200 billion online market by the  
> year 2000. Now is the time to transform your website  
> into a profit center!  
> ------------------------------------------------------  
>  
  
`
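
A defender-side check for the exposure discussed in this thread, as an added example that is not part of the original posts or of Webcart itself: it scans web server access logs in Common Log Format for requests to the file and directory names mentioned above that the server answered with a 2xx status, meaning the content was actually served. Case-insensitive matching, matching the names at any path depth, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Names taken from the thread; matching them case-insensitively is an assumption.
SENSITIVE_FILES = {"orders.txt", "mountain.cfg", "import.txt", "checks.txt"}
SENSITIVE_DIRS = {"config", "orders", "admin"}

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

def classify(target):
    """Return why a request target is sensitive ("file:..." or "dir:..."), or None."""
    # Decode percent-escapes first so /%69mport.txt is seen as /import.txt.
    path = unquote(urlsplit(target).path).lower()
    parts = [p for p in path.split("/") if p]
    if parts and parts[-1] in SENSITIVE_FILES:
        return "file:" + parts[-1]
    for p in parts:
        if p in SENSITIVE_DIRS:
            return "dir:" + p
    return None

def find_exposures(lines):
    """Return (client, time, target, reason) for sensitive requests answered 2xx."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed or non-CLF lines
        client, when, _method, target, status, _size = m.groups()
        reason = classify(target)
        # A 401/403/404 means the server refused; only 2xx is an exposure.
        if reason and status.startswith("2"):
            hits.append((client, when, target, reason))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Apr/1999:01:02:03 +0000] "GET /orders/orders.txt HTTP/1.0" 200 48213',
    '192.0.2.10 - - [24/Apr/1999:01:02:09 +0000] "GET /config/mountain.cfg HTTP/1.0" 403 211',
    '198.51.100.7 - - [24/Apr/1999:01:05:44 +0000] "GET /shop/%69mport.txt HTTP/1.0" 200 990112',
    '198.51.100.7 - - [24/Apr/1999:01:06:00 +0000] "GET /Admin/ HTTP/1.0" 200 1532',
    '203.0.113.5 - - [24/Apr/1999:01:07:12 +0000] "GET /index.html HTTP/1.0" 200 4096',
]

if __name__ == "__main__":
    for hit in find_exposures(SAMPLE_LOG):
        print(*hit, sep="  ")
```

Any hit means order or configuration data left the server and should be treated as disclosed; the 403 line in the sample shows what a correctly restricted directory looks like in the same log.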
