Examples of Poorly Implemented Shopping Carts

This section illustrates briefly what can go wrong when shopping carts are poorly implemented, using a few published examples. More complete coverage of the vulnerability classes shown here is presented in later chapters, and in Chapter 10 in particular.

Carello Shopping Cart

The Carello shopping cart (http://www.carelloweb.com), running on Windows NT, has a flaw that allows remote command execution over HTTP. The cart's server-side component, Carello.dll, handles requests from the client. An attacker can send a malformed URL in which a request parameter names a program to run on the server; as the example below shows, a path-traversal sequence in that parameter is enough to reach cmd.exe, which gives the attacker command execution on the Web server.

For example, the following URL can execute the dir command on the server:

http://target/scripts/Carello/Carello.dll?CARELLOCODE=SITE2&VBEXE=C:\..\winnt\system32\cmd.exe%20/c%20dir

A full description is available at http://securitytracker.com/alerts/2001/May/1001526.html.

DCShop Shopping Cart

The DCShop shopping cart (http://www.dcscripts.com/dcforum/dcshop/44.html) stores temporary order information in clear text in a file called orders.txt, located in DCShop's Orders subdirectory. That directory is served by the Web server without any access control, so any user can retrieve the file directly over HTTP. The orders.txt file contains all the data for customers' recent orders, including names, shipping addresses, billing addresses, e-mail addresses, and credit card data. The attack consists of nothing more than requesting the following URL:

http://target/cgi-bin/DCShop/Orders/orders.txt

A full description is available at http://securitytracker.com/alerts/2001/Jun/1001777.html.
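The two attacks above leave distinctive traces in the Web server's access log: a path-traversal sequence and a command interpreter in a Carello query string, and a direct request for DCShop's orders.txt. The following detector is an added example, not code from the book or from either vendor; it scans constructed Common Log Format lines (not real traffic) and flags both patterns, plus a general shell-metacharacter rule that goes slightly beyond these two cases. The log format, the sensitive-file list and the rule names are the example's own assumptions.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines in Common Log Format; not real traffic.
# Lines 1 and 2 reproduce the Carello and DCShop request URLs from the text;
# lines 3 and 4 are benign requests to the same applications.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jun/2001:10:00:01 +0000] "GET /scripts/Carello/Carello.dll?CARELLOCODE=SITE2&VBEXE=C:\\..\\winnt\\system32\\cmd.exe%20/c%20dir HTTP/1.0" 200 512
10.0.0.6 - - [01/Jun/2001:10:00:02 +0000] "GET /cgi-bin/DCShop/Orders/orders.txt HTTP/1.0" 200 8192
10.0.0.7 - - [01/Jun/2001:10:00:03 +0000] "GET /scripts/Carello/Carello.dll?CARELLOCODE=SITE2&PRODUCT=42 HTTP/1.0" 200 1024
10.0.0.8 - - [01/Jun/2001:10:00:04 +0000] "GET /cgi-bin/DCShop/dcshop.cgi?item=7 HTTP/1.0" 200 2048
"""

# ip ident user [time] "METHOD URL PROTOCOL" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Files that should never be fetched directly; hypothetical list, compared lower-cased.
SENSITIVE_FILES = ("/cgi-bin/dcshop/orders/orders.txt",)

TRAVERSAL_RE = re.compile(r'\.\.[\\/]')            # ../ or ..\ after URL decoding
CMD_RE = re.compile(r'cmd\.exe|/bin/sh', re.IGNORECASE)
SHELL_META_RE = re.compile(r'[;|`]')               # general rule, not specific to Carello or DCShop


def classify(url):
    """Return the list of rule names a single request URL triggers (empty if none)."""
    decoded = unquote(url)                   # %20 and friends hide nothing after this
    path, _, _query = decoded.partition("?")
    findings = []
    if path.lower() in SENSITIVE_FILES:
        findings.append("direct fetch of order data file")
    if TRAVERSAL_RE.search(decoded):
        findings.append("path traversal")
    if CMD_RE.search(decoded):
        findings.append("command interpreter referenced")
    if SHELL_META_RE.search(decoded):
        findings.append("shell metacharacter")
    return findings


def scan(log_text):
    """Parse each log line and return (ip, url, status, findings) for the flagged ones."""
    flagged = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                          # not CLF; skip rather than guess
        ip, _method, url, status = m.groups()
        findings = classify(url)
        if findings:
            flagged.append((ip, url, int(status), findings))
    return flagged


if __name__ == "__main__":
    for ip, url, status, findings in scan(SAMPLE_LOG):
        print(f"{ip} {status} {url}\n    -> {', '.join(findings)}")
```

Decoding before matching matters: the Carello request encodes its spaces, and an attacker can just as easily encode the dots and backslashes. A 200 status on the orders.txt line is the signal that the data actually left the server.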

Hassan Consulting's Shopping Cart

Hassan Consulting's shopping cart (http://www.irata.com/products.html) allows arbitrary command execution on the server. The cart runs on Unix and is written in Perl. Its script, shop.pl, does not filter out shell metacharacters such as ";" and "|", so a remote user can append commands to the URL and have the server's shell run them. The following URL runs the ls command on the server:

http://target/cgi-local/shop.pl/SID=947626980.19094/page=;ls|

A full description is available at http://securitytracker.com/alerts/2001/Sep/1002379.html.
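Both the Carello and the Hassan Consulting flaws come from handing a URL-supplied string to a command interpreter, either as a program path or spliced into a command line. The example below is added here and is not code from the book or from either product; it contrasts that pattern with two fixes in Python: serving a page by allowlisted name with no shell involved, and running a helper program only through a fixed table of argument vectors. The content directory, the page-name rule and the "version" helper are the example's own assumptions.

```python
import re
import subprocess
import sys
import tempfile
from pathlib import Path


# --- Vulnerable pattern: the URL value becomes part of a shell command line ---
def vulnerable_command(page):
    """What shop.pl effectively does with the page parameter.  The command line is
    returned rather than executed so the effect of 'page=;ls|' can be seen safely."""
    return "cat pages/" + page + ".html"


# --- Fix 1: look the page up directly; there is no command line to inject into ---
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}")     # assumed naming rule for pages


def hardened_page(base_dir, page):
    """Allowlist the name, then read the file from a fixed directory."""
    if not SAFE_NAME.fullmatch(page):
        raise ValueError(f"rejected page name: {page!r}")
    base = Path(base_dir).resolve()
    target = (base / f"{page}.html").resolve()
    if target.parent != base:                      # belt and braces against traversal
        raise ValueError("page outside content directory")
    return target.read_text()


# --- Fix 2: when a helper program really is needed, the client picks a token,
#     never a path or arguments (the Carello request supplied both) ---
HELPERS = {
    # hypothetical helper for the example, not something Carello or shop.pl has
    "version": [sys.executable, "-c", "import sys; print(sys.version_info[0])"],
}


def run_helper(token):
    argv = HELPERS.get(token)
    if argv is None:
        raise ValueError(f"unknown helper: {token!r}")
    done = subprocess.run(argv, capture_output=True, text=True, check=True)  # no shell=True
    return done.stdout.strip()


def make_demo_site():
    """Constructed content directory with a single page, for trying the functions."""
    base = Path(tempfile.mkdtemp())
    (base / "index.html").write_text("<h1>Welcome</h1>")
    return base


if __name__ == "__main__":
    print("vulnerable command line:", vulnerable_command(";ls|"))
    site = make_demo_site()
    print("hardened lookup:", hardened_page(site, "index"))
    for bad in (";ls|", "../etc/passwd"):
        try:
            hardened_page(site, bad)
        except ValueError as err:
            print("rejected:", err)
    try:
        run_helper(r"C:\..\winnt\system32\cmd.exe")
    except ValueError as err:
        print("rejected:", err)
    print("helper output:", run_helper("version"))
```

Escaping the metacharacters is the weaker fix: the list of characters a given shell treats specially is long and version-dependent, whereas a name allowlist and a fixed argument vector leave nothing for the attacker to reach.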

Cart32 and Several Other Shopping Carts

Some shopping carts carry product information such as price, weight, quantity, and product identifier in hidden form fields in the HTML source of the order page. An attacker can save the page for a particular item to his computer, edit the HTML source to change those values, including the price, and submit the modified form; a cart that trusts the hidden fields then processes the order at the altered price.

A full description is available at http://online.securityfocus.com/bid/1237.
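The fix for hidden-field tampering is to treat everything the client sends as untrusted and take the price from the server's own catalog; where fields really must round-trip through the browser, an HMAC over them lets the server detect edits. The example below is added here and is not code from the book or from Cart32 or any other cart; the catalog, the quantity limit and the secret key are the example's own assumptions.

```python
import hashlib
import hmac
from decimal import Decimal

# Constructed catalog; in a real shop this lives in the database, never in the HTML.
CATALOG = {
    "SKU-1001": {"name": "Widget", "price": Decimal("19.99")},
    "SKU-1002": {"name": "Gadget", "price": Decimal("149.00")},
}


class TamperedOrder(ValueError):
    """Raised when submitted fields disagree with the server's own data."""


def vulnerable_total(form):
    """Cart32-style: the total is computed from the hidden price field as submitted."""
    return Decimal(form["price"]) * int(form["quantity"])


def hardened_total(form, max_qty=100):
    """Price comes from the catalog; a submitted price is only used to detect tampering."""
    item = CATALOG.get(form.get("sku"))
    if item is None:
        raise TamperedOrder("unknown SKU")
    qty = int(form.get("quantity", 0))
    if not 1 <= qty <= max_qty:
        raise TamperedOrder(f"quantity out of range: {qty}")
    submitted = form.get("price")
    if submitted is not None and Decimal(submitted) != item["price"]:
        # Worth logging: the only way to get here is an edited form.
        raise TamperedOrder(f"price mismatch: submitted {submitted}, catalog {item['price']}")
    return item["price"] * qty


# --- Signed hidden fields, for values that must round-trip through the browser ---
SECRET = b"server-side-secret-key"   # constructed; keep the real one out of the HTML


def sign_fields(fields):
    """HMAC over a canonical encoding of the fields; emitted as one extra hidden field."""
    canonical = "&".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    return hmac.new(SECRET, canonical, hashlib.sha256).hexdigest()


def verify_fields(fields, signature):
    """Constant-time comparison; any edited field changes the expected HMAC."""
    return hmac.compare_digest(sign_fields(fields), signature)


if __name__ == "__main__":
    honest = {"sku": "SKU-1002", "price": "149.00", "quantity": "1"}
    tampered = dict(honest, price="1.00")
    print("vulnerable cart charges:", vulnerable_total(tampered))
    print("hardened cart charges:", hardened_total(honest))
    try:
        hardened_total(tampered)
    except TamperedOrder as err:
        print("hardened cart rejects:", err)
    sig = sign_fields(honest)
    print("signature valid on honest form:", verify_fields(honest, sig))
    print("signature valid on edited form:", verify_fields(tampered, sig))
```

The signature only proves the fields are the ones the server emitted; it does not stop a user from replaying an old, cheaper signed form, so the catalog lookup remains the primary control and the HMAC is a detection aid.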

Web Hacking: Attacks and Defense
ISBN: 0201761769
Year: 2005
Pages: 156
