OneWorldStore user information disclosure

Sunday, April 24, 2005
##############################################
OneWorldStore user order information disclosure
vendor url: http://www.oneworldstore.com/
advisory: http://lostmon.blogspot.com/2005/04/oneworldstore-user-information.html
vendor confirmed: yes / exploit available: yes
OSVDB ID:15781
Secunia: SA15104
Securitytracker:1013796
BID:13361
###############################################

vendor security url: http://oneworldstore.com/support_security_issue_updates.asp
#April_24_2005_Lostmon


OneWorldStore contains a flaw that may lead to unauthorized information
disclosure. The issue is triggered when a remote user manipulates the value
of the 'idOrder' variable submitted to the 'PaymentMethods/owOfflineCC.asp'
script: the script returns the name on the credit card and the address of
the buyer who placed that order, resulting in a loss of confidentiality.
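The following is an added example, not code from the advisory or from OneWorldStore. It is Python standing in for the ASP script, with a constructed in-memory order table (table and column names are assumptions). It places the lookup the advisory describes, which trusts the client-supplied idOrder alone, beside an ownership-bound lookup that ties the order to the customer identified by the server-side session; the empty idOrder form seen in the proof of concept below is rejected at parse time.

```python
import sqlite3


def build_db():
    """Constructed in-memory stand-in for the store's order table. The table and
    column names are assumptions for this example, not OneWorldStore's schema."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE orders (idOrder INTEGER PRIMARY KEY, customer_id INTEGER, "
        "cc_name TEXT, address TEXT)"
    )
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?, ?)",
        [
            (1, 100, "Alice Example", "1 First St"),
            (2, 200, "Bob Example", "2 Second Ave"),
            (3, 100, "Alice Example", "1 First St"),
        ],
    )
    return db


def parse_id_order(raw):
    """Validate the raw query-string value; empty and non-numeric forms
    (the last proof-of-concept URL passes an empty idOrder) yield None."""
    raw = (raw or "").strip()
    return int(raw) if raw.isdigit() else None


def order_page_vulnerable(db, raw_id):
    """Behaviour the advisory describes: the order is looked up by idOrder alone,
    so whoever supplies a valid id gets the card holder name and address."""
    id_order = parse_id_order(raw_id)
    if id_order is None:
        return None
    return db.execute(
        "SELECT cc_name, address FROM orders WHERE idOrder = ?", (id_order,)
    ).fetchone()


def order_page_fixed(db, session_customer_id, raw_id):
    """Ownership-bound lookup: the order must belong to the customer identified by
    the server-side session (an assumed session value, never a request parameter).
    An order that exists but belongs to someone else returns the same None as a
    missing one, so the response does not reveal which ids are in use."""
    id_order = parse_id_order(raw_id)
    if session_customer_id is None or id_order is None:
        return None
    return db.execute(
        "SELECT cc_name, address FROM orders WHERE idOrder = ? AND customer_id = ?",
        (id_order, session_customer_id),
    ).fetchone()


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, anonymous, idOrder=2:", order_page_vulnerable(db, "2"))
    print("fixed, customer 100, idOrder=2:", order_page_fixed(db, 100, "2"))
    print("fixed, customer 100, idOrder=1:", order_page_fixed(db, 100, "1"))
```

The fix is the extra `customer_id` predicate bound to session state; no amount of input validation on `idOrder` alone would close the disclosure, since every value the attacker tries is a well-formed id.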



versions :

OneWorldStore™ Free Store
OneWorldStore™ Basic Store
OneWorldStore™ SOHO Store
OneWorldStore™ Business Store
OneWorldStore™ Enterprise Store

#########
solution:
#########

vendor's patch: http://oneworldstore.com/support_updates.asp

#########
timeline
#########

discovered on: 24 april 2005
vendor notify: 24 april 2005
vendor response: 24 april 2005
vendor fix: 24 april 2005 (1 hour later WoW)
disclosure: 25 april 2005
##############
Proof of concept
##############


http://[victim]/owBasket/PaymentMethods/owOfflineCC.asp?idOrder=1
http://[victim]/owBasket/PaymentMethods/owOfflineCC.asp?idOrder=2
http://[victim]/owBasket/PaymentMethods/owOfflineCC.asp?idOrder=3
http://[victim]/owBasket/PaymentMethods/owOfflineCC.asp?idOrder=
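Added example for the operations side, not part of the original advisory: a small detector that reads web-server access logs and flags any client that requested several distinct idOrder values on the payment script, which is the trace the requests listed above leave behind. The log layout (a simplified IIS W3C field order) and the sample lines are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in a simplified IIS W3C layout:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
# The layout and addresses are assumptions for this example, not real store logs.
SAMPLE_LOG = """\
2005-04-24 10:00:01 203.0.113.5 GET /owBasket/PaymentMethods/owOfflineCC.asp idOrder=1 200
2005-04-24 10:00:02 203.0.113.5 GET /owBasket/PaymentMethods/owOfflineCC.asp idOrder=2 200
2005-04-24 10:00:03 203.0.113.5 GET /owBasket/PaymentMethods/owOfflineCC.asp idOrder=3 200
2005-04-24 10:00:04 203.0.113.5 GET /owBasket/PaymentMethods/owOfflineCC.asp idOrder= 500
2005-04-24 10:05:00 198.51.100.7 GET /owBasket/PaymentMethods/owOfflineCC.asp idOrder=42 200
2005-04-24 10:06:00 198.51.100.7 GET /owBasket/default.asp - 200
"""

TARGET_SCRIPT = "/owBasket/PaymentMethods/owOfflineCC.asp"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\d{3})$")
ID_RE = re.compile(r"(?:^|&)idOrder=([^&]*)")


def parse_line(line):
    """Split one log line into a dict; returns None for lines outside the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    _date, _time, ip, _method, stem, query, status = m.groups()
    return {"ip": ip, "stem": stem, "query": query, "status": int(status)}


def find_enumerators(log_text, threshold=3):
    """Return {client_ip: sorted distinct idOrder values} for every client that
    requested at least `threshold` distinct idOrder values on the payment script.
    A shopper views one order (their own); a walk over many ids is the signal.
    The empty value is kept as its own entry, since it is a probe too."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["stem"].lower() != TARGET_SCRIPT.lower():
            continue
        m = ID_RE.search(rec["query"])
        if m:
            seen[rec["ip"]].add(m.group(1))
    return {ip: sorted(vals) for ip, vals in seen.items() if len(vals) >= threshold}


if __name__ == "__main__":
    for ip, ids in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip} requested {len(ids)} distinct idOrder values: {ids}")
```

The threshold is per source address with no time window, which is enough for a batch review of a day's log; a production rule would also bucket by time and by authenticated session, since a patched store returns nothing for other customers' ids but still records the attempts.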

thnx to estrella for being my light
thnx to all the http://www.osvdb.org Team
thnx to all who day after day support me !!!
thnx to the vendor for the very fast response and very fast release of a fix, good work !!


--
sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Data Mangler of: http://www.osvdb.org
--
Curiosity is what moves the mind....
