Bugtraq mailing list archives

Re: more problems with that POS dansie cart software!


From: randy.janinda () NDCORP COM (Randy Janinda)
Date: Fri, 14 Apr 2000 12:41:33 -0400


On Fri, Apr 14, 2000 at 11:09:47AM -0400, tombow decided:
if installing a backdoor in the cart software wasn't bad enough.. the
whole implementation of pricing and adding items to cart is crap..

example form to add items to your cart (kindly provided on the publishers
site using the demo cart they set up for us):

*snip*

I am aware this was posted a few months ago but I don't recall anyone
posting in relation to this particular software package..

tom

I too have looked at the software and would like to add my findings:

There are numerous variables you can add to the URL to retrieve interesting
information:

(http://www.domain.com/cgi-bin/cart.pl?xxx) where xxx =

vars - will give you the setup variables for the software, an interesting thing
to note is about 3/4 down the page is a login ID and security (password) for CC
transactions?

env - lists environment variables

and my personal favorite

db - Let me explain this one a bit

this works differently on the numerous versions. So do a 'vars' and look for a
string called "query_separator" (usually a | or =). Then do this

site.com/path-to/cart.pl?db|filename|All%20Items (i.e.
http://www.target.com/cgi-bin/cart.pl?db|cart.pl|All%20Items)

This will open the file for reading.. I haven't got it to successfully open
things in "recursive" paths (i.e. ../../../etc/passwd), but it does seem to
indicate whether a certain file exists or not.

Also of note:

the All%20Items part can be substituted by your favorite HTML tags, to create a
custom viewing experience ;)

Have fun.

--
Randy Janinda
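Editor's note: the three query shapes Randy describes (`?vars`, `?env`, and `?db<sep>filename<sep>text`) are easy to pick out of a web server access log, which is the first thing a site running this cart should do. The following is an added example, not code from the original thread or from the cart's vendor: a small Python scanner that walks Apache combined-format log lines, URL-decodes the query string of any request to cart.pl, and tags the three request types, escalating a `db` read when the filename contains a traversal sequence or the trailing text carries HTML tags (both of which the post mentions). The log lines are constructed for the example, the separator set `|`/`=` comes from the post, and the assumption that other separators are possible on other versions is the author's, so treat the output as triage material rather than proof of compromise.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache combined format). They are not
# from the original post; they only reproduce the request shapes it describes.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Apr/2000:12:41:33 -0400] "GET /cgi-bin/cart.pl?vars HTTP/1.0" 200 5120 "-" "Mozilla/4.0"
203.0.113.7 - - [14/Apr/2000:12:41:40 -0400] "GET /cgi-bin/cart.pl?env HTTP/1.0" 200 2210 "-" "Mozilla/4.0"
203.0.113.7 - - [14/Apr/2000:12:42:01 -0400] "GET /cgi-bin/cart.pl?db|cart.pl|All%20Items HTTP/1.0" 200 40210 "-" "Mozilla/4.0"
203.0.113.7 - - [14/Apr/2000:12:42:15 -0400] "GET /cgi-bin/cart.pl?db=../../../etc/passwd=%3Cscript%3E HTTP/1.0" 200 310 "-" "Mozilla/4.0"
198.51.100.2 - - [14/Apr/2000:12:43:00 -0400] "GET /cgi-bin/cart.pl?db|products.db|Widget HTTP/1.0" 200 1800 "-" "Mozilla/4.0"
198.51.100.2 - - [14/Apr/2000:12:43:05 -0400] "GET /cgi-bin/cart.pl?add=1&item=42 HTTP/1.0" 200 900 "-" "Mozilla/4.0"
198.51.100.2 - - [14/Apr/2000:12:43:09 -0400] "GET /index.html HTTP/1.0" 200 1500 "-" "Mozilla/4.0"
"""

# Request line inside the quoted part of a combined-format log entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# query_separator values named in the post. Assumption: other versions may use
# other characters; extend this string if 'vars' on your install shows one.
SEPARATORS = "|="


def classify_query(query: str) -> list:
    """Return finding tags for one already URL-decoded cart.pl query string.

    'vars' and 'env' are the configuration and environment dumps from the
    post; 'db<sep>filename<sep>text' is the file read. Empty list = no match.
    """
    tags = []
    if query == "vars":
        tags.append("config-dump")
    elif query == "env":
        tags.append("env-dump")
    elif query.startswith("db") and len(query) > 2 and query[2] in SEPARATORS:
        sep = query[2]
        parts = query[3:].split(sep)
        filename = parts[0] if parts else ""
        tags.append("file-read:" + filename)
        # Traversal in the filename field, as in the post's ../../../etc/passwd probe.
        if "../" in filename or "..\\" in filename:
            tags.append("traversal-attempt")
        # HTML tags in the trailing text field (the 'All Items' slot).
        if any("<" in p for p in parts[1:]):
            tags.append("html-injection")
    return tags


def scan_log(text: str) -> list:
    """Scan combined-format log text; return (ip, path, decoded_query, tags) tuples."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        path, _, raw_query = m.group("target").partition("?")
        if not path.endswith("/cart.pl") or not raw_query:
            continue
        query = unquote(raw_query)
        tags = classify_query(query)
        if tags:
            ip = line.split(" ", 1)[0]
            findings.append((ip, path, query, tags))
    return findings


if __name__ == "__main__":
    for ip, path, query, tags in scan_log(SAMPLE_LOG):
        print(f"{ip:15} {path}?{query:40} {', '.join(tags)}")
```

Run it as-is to see the five flagged requests from the constructed log; point `scan_log` at a real access log (one string, one entry per line) to triage your own site. A plain `db` read is tagged but not escalated, since whether that request type is ever legitimate depends on the cart version, which the post does not settle.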


