|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MHL-2006-001 - Public Advisory
+-----------------------------------------------------------+
| Eazy Cart Multiple Security Issues |
+-----------------------------------------------------------+
PUBLISHED ON
October 9th, 2006
PUBLISHED AT
http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt
http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001
PUBLISHED BY
Mayhemic Labs
http://www.mayhemiclabs.com
security AT mayhemiclabs DOT com
GPG key: 0x56143F84
APPLICATION
Eazy Cart
http://www.eazycart.com/
"Eazy Cart the easy to install shopping cart system"
AFFECTED VERSIONS
All Verison
ISSUES
Eazy Cart is vulnerable to authenication bypassing,
data injection, and XSS attacks
1) Authenication bypass
Eazy Cart does not check login credentials past the
initial login screen of the administration menu.
Example:
An attacker can access all administrative functions
without authentication by going to /admin/home/index.php.
2) Data Injection
Eazy Cart trusts user entered data implicitly, allowing
an attacker to adjust prices and other values when
ordering.
Example: A user can craft a malicious URL to submit
incorrect data to easycart.php telling it to add items
to its cart for incorrect prices, including negative
values.
3) XSS
Eazy Cart trusts user entered data implicitly, not
sanatizing it for malicious code.
Example: A user can craft a malicious URL to submit
incorrect data to easycart.php feeding it malicious
javascript
WORKAROUNDS
None at this time
SOLUTIONS
None at this time
REFERENCES
None
TIMELINE
October 3rd, 2006
Vendor/Developer Notified
October 8th, 2006
Vendor/Developer notification returned.
October 9th, 2006
Public Release
ADDITIONAL CREDIT
N/A
LICENSE
Creative Commons Attribution-ShareAlike License
http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFKvXhzjnMaVYUP4QRAh6bAKC6C4ZG/KkYsijeVnC2AuiwvG1O1wCeNePN
aVJsxgezSujUz7MNkJQavJ8=Is2h
-----END PGP SIGNATURE-----