Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14628
HistoryOct 11, 2006 - 12:00 a.m.

MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues

2006-10-1100:00:00
vulners.com
35
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MHL-2006-001 - Public Advisory

±----------------------------------------------------------+
| Eazy Cart Multiple Security Issues |
±----------------------------------------------------------+

PUBLISHED ON
October 9th, 2006

PUBLISHED AT
http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt
http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001

PUBLISHED BY
Mayhemic Labs
http://www.mayhemiclabs.com

security AT mayhemiclabs DOT com
GPG key: 0x56143F84

APPLICATION
Eazy Cart
http://www.eazycart.com/
"Eazy Cart the easy to install shopping cart system"

AFFECTED VERSIONS
All Verison

ISSUES
Eazy Cart is vulnerable to authenication bypassing,
data injection, and XSS attacks

    1) Authenication bypass
    Eazy Cart does not check login credentials past the
    initial login screen of the administration menu.
    
    Example:
    An attacker can access all administrative functions
    without authentication by going to /admin/home/index.php.
    
    2) Data Injection
    Eazy Cart trusts user entered data implicitly, allowing
    an attacker to adjust prices and other values when
    ordering.
    
    Example: A user can craft a malicious URL to submit
    incorrect data to easycart.php telling it to add items
    to its cart for incorrect prices, including negative
    values.
    
    3) XSS
    Eazy Cart trusts user entered data implicitly, not
    sanatizing it for malicious code.
    
    Example: A user can craft a malicious URL to submit
    incorrect data to easycart.php feeding it malicious
    javascript

WORKAROUNDS
None at this time

SOLUTIONS
None at this time

REFERENCES
None

TIMELINE
October 3rd, 2006
Vendor/Developer Notified
October 8th, 2006
Vendor/Developer notification returned.
October 9th, 2006
Public Release

ADDITIONAL CREDIT
N/A

LICENSE
Creative Commons Attribution-ShareAlike License
http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFKvXhzjnMaVYUP4QRAh6bAKC6C4ZG/KkYsijeVnC2AuiwvG1O1wCeNePN
aVJsxgezSujUz7MNkJQavJ8=
=Is2h
-----END PGP SIGNATURE-----

JSON