<<< Date Index >>>     <<< Thread Index >>>

MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MHL-2006-001 - Public Advisory

+-----------------------------------------------------------+
|            Eazy Cart Multiple Security Issues             |
+-----------------------------------------------------------+


PUBLISHED ON
  October 9th, 2006


PUBLISHED AT
  http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt
  http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001


PUBLISHED BY
  Mayhemic Labs
  http://www.mayhemiclabs.com

  security AT mayhemiclabs DOT com
  GPG key: 0x56143F84


APPLICATION
  Eazy Cart
  http://www.eazycart.com/
  "Eazy Cart the easy to install shopping cart system"


AFFECTED VERSIONS
  All Verison


ISSUES
  Eazy Cart is vulnerable to authenication bypassing,
  data injection, and XSS attacks

        1) Authenication bypass
        Eazy Cart does not check login credentials past the
        initial login screen of the administration menu.
        
        Example:
        An attacker can access all administrative functions
        without authentication by going to /admin/home/index.php.
        
        2) Data Injection
        Eazy Cart trusts user entered data implicitly, allowing
        an attacker to adjust prices and other values when
        ordering.
        
        Example: A user can craft a malicious URL to submit
        incorrect data to easycart.php telling it to add items
        to its cart for incorrect prices, including negative
        values.
        
        3) XSS
        Eazy Cart trusts user entered data implicitly, not
        sanatizing it for malicious code.
        
        Example: A user can craft a malicious URL to submit
        incorrect data to easycart.php feeding it malicious
        javascript
        
WORKAROUNDS
        None at this time

SOLUTIONS
        None at this time

REFERENCES
        None
        
TIMELINE
        October 3rd, 2006
                Vendor/Developer Notified
        October 8th, 2006
                Vendor/Developer notification returned.
        October 9th, 2006
                Public Release          

ADDITIONAL CREDIT
  N/A

LICENSE
  Creative Commons Attribution-ShareAlike License
  http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFKvXhzjnMaVYUP4QRAh6bAKC6C4ZG/KkYsijeVnC2AuiwvG1O1wCeNePN
aVJsxgezSujUz7MNkJQavJ8=
=Is2h
-----END PGP SIGNATURE-----