Date: Thu, 22 Apr 1999 13:09:32 -0400
From: Elaich Of Hhp
To: BUGTRAQ@netspace.org
Subject: WebShop advisory.
(hhp) WebShop advisory. (hhp)
---------------------------------------------------------------------
Alright, to my knowledge, there is another dangerous shop service
if installed the right way. I contacted the vendor and notified
the admin of the problem. I have the feeling this isn't all though.
I'm almost positive there are more dangerous shopping services out
there that will be found very soon after all these posts get noticed.
So for now I will look around, please don't flood my email and I'll
repost if I find anything else.

Please remember this does not mean there is a flaw in the service
unless it is by default this is left readable on a clean installation
with no configuration files to modify the permissions. Also PGP
options would eliminate most of the problems.

Also please note I did not install this software, the info I have
gathered was on the website and the vulnerable site was found by a
search engine.

Info:
WebShop via http://www.inetlab.com/products.html
Platforms: Windows 95/98/NT on Intel
           Linux on Intel or Sparc
           Solaris on Intel or Sparc
           FreeBSD 2.2 or smaller on Intel
           FreeBSD 3.0 on Intel
           BSDI/OS on Intel............... (Found vuln server.)
           Silicon Graphics Irix on MIPS.. (Found vuln server.)
Executable: WebShop.cgi
Exposed Directory: WebShop or webshop
Exposed Order info: WebShop/templates/cc.txt
                    and/or WebShop/logs/cc.txt and ck.log
Status: Free?, resale=$50?.
Number of exposed installs found: 2+
PGP Option available?: Unknown.
elaich - 4:16:15CST 4/22/1999
--------------------------------------------
elaich of the hhp.
Email: hhp@hhp.hemp.net / pigspigs@yahoo.com
Voice: 1800-Rag-on-gH pin: The-hhp-crew
Web: http://hhp.hemp.net
--------------------------------------------
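
A local check an administrator can run against their own document root for the order files named in the advisory above. This is an added example, not part of the original post or the vendor's software. The function name `audit_webshop` and the docroot argument are assumptions, as is treating `ck.log` as living anywhere under the WebShop directory, since the post does not give its exact location.

```shell
#!/bin/sh
# Added example: audit a web document root for the WebShop order files
# listed in the advisory (templates/cc.txt, logs/cc.txt, ck.log) that
# carry the "other" read bit, i.e. readable by any local user and,
# typically, by the web server serving that directory.
#
# audit_webshop DOCROOT
#   prints one offending path per line (sorted)
#   returns 0 = nothing found, 1 = findings, 2 = bad argument
audit_webshop() {
    docroot=$1
    if [ ! -d "$docroot" ]; then
        echo "audit_webshop: not a directory: $docroot" >&2
        return 2
    fi

    # [Ww]eb[Ss]hop covers both directory spellings from the advisory
    # ("WebShop or webshop"); it also matches mixed-case variants.
    # -perm -004 selects files whose mode includes world-read.
    hits=$(find "$docroot" -type f \( \
                -path '*/[Ww]eb[Ss]hop/templates/cc.txt' -o \
                -path '*/[Ww]eb[Ss]hop/logs/cc.txt' -o \
                \( -path '*/[Ww]eb[Ss]hop/*' -name 'ck.log' \) \
            \) -perm -004 -print 2>/dev/null | sort)

    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}
```

Run it as `audit_webshop /path/to/docroot` (path is a placeholder). A clean result only covers the mode bits: files kept under the document root can still be served if the web server's own user can read them.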