MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues

2006-10-11T00:00:00
ID SECURITYVULNS:DOC:14628
Type securityvulns
Reporter Securityvulns
Modified 2006-10-11T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

MHL-2006-001 - Public Advisory

+-----------------------------------------------------------+ | Eazy Cart Multiple Security Issues | +-----------------------------------------------------------+

PUBLISHED ON October 9th, 2006

PUBLISHED AT http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001

PUBLISHED BY Mayhemic Labs http://www.mayhemiclabs.com

security AT mayhemiclabs DOT com GPG key: 0x56143F84

APPLICATION Eazy Cart http://www.eazycart.com/ "Eazy Cart the easy to install shopping cart system"

AFFECTED VERSIONS All Verison

ISSUES Eazy Cart is vulnerable to authenication bypassing, data injection, and XSS attacks

    1) Authenication bypass
    Eazy Cart does not check login credentials past the
    initial login screen of the administration menu.

    Example:
    An attacker can access all administrative functions
    without authentication by going to /admin/home/index.php.

    2) Data Injection
    Eazy Cart trusts user entered data implicitly, allowing
    an attacker to adjust prices and other values when
    ordering.

    Example: A user can craft a malicious URL to submit
    incorrect data to easycart.php telling it to add items
    to its cart for incorrect prices, including negative
    values.

    3) XSS
    Eazy Cart trusts user entered data implicitly, not
    sanatizing it for malicious code.

    Example: A user can craft a malicious URL to submit
    incorrect data to easycart.php feeding it malicious
    javascript

WORKAROUNDS None at this time

SOLUTIONS None at this time

REFERENCES None

TIMELINE October 3rd, 2006 Vendor/Developer Notified October 8th, 2006 Vendor/Developer notification returned. October 9th, 2006 Public Release

ADDITIONAL CREDIT N/A

LICENSE Creative Commons Attribution-ShareAlike License http://creativecommons.org/licenses/by-sa/2.5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFKvXhzjnMaVYUP4QRAh6bAKC6C4ZG/KkYsijeVnC2AuiwvG1O1wCeNePN aVJsxgezSujUz7MNkJQavJ8= =Is2h -----END PGP SIGNATURE-----