##############################################
OneWorldStore user order information disclosure
vendor URL: http://www.oneworldstore.com/
advisory: http://lostmon.blogspot.com/2005/04/oneworldstore-user-information.html
vendor confirmed: yes
exploit available: yes
OSVDB ID: 15781
Secunia: SA15104
SecurityTracker: 1013796
BID: 13361
###############################################
vendor security URL:
http://oneworldstore.com/support_security_issue_updates.asp
#April_24_2005_Lostmon
OneWorldStore contains a flaw that may lead to unauthorized
information disclosure. The issue is triggered when a remote user
manipulates the value of the 'idOrder' variable submitted to the
'PaymentMethods/owOfflineCC.asp' script. The script returns the order
belonging to whatever idOrder is supplied, without checking that the
order belongs to the requesting user, and so discloses the name on the
credit card and the buyer's address, resulting in a loss of
confidentiality.
versions:
OneWorldStore™ Free Store
OneWorldStore™ Basic Store
OneWorldStore™ SOHO Store
OneWorldStore™ Business Store
OneWorldStore™ Enterprise Store
#########
solution:
#########
vendor's patch:
http://oneworldstore.com/support_updates.asp
#########
timeline
#########
discovered on: 24 April 2005
vendor notified: 24 April 2005
vendor response: 24 April 2005
vendor fix: 24 April 2005 (1 hour later, wow)
disclosure: 25 April 2005
##############
Proof of concept
##############
http://[victim]/owBasket/PaymentMethods/owOfflineCC.asp?idOrder=1
http://[victim]/owBasket/PaymentMethods/owOfflineCC.asp?idOrder=2
http://[victim]/owBasket/PaymentMethods/owOfflineCC.asp?idOrder=3
http://[victim]/owBasket/PaymentMethods/owOfflineCC.asp?idOrder=
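Because every order is reachable by changing one integer, the tell-tale sign in the web server logs is a single client fetching owOfflineCC.asp with many distinct idOrder values. The following detector is an added example written for this advisory, not code from Lostmon or from OneWorldStore; it assumes IIS W3C logs with the field order shown in the constructed sample, and the sample lines are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of IIS W3C extended log lines (not real traffic).
# Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-04-24 10:00:01 198.51.100.7 GET /owBasket/PaymentMethods/owOfflineCC.asp idOrder=1 200
2005-04-24 10:00:02 198.51.100.7 GET /owBasket/PaymentMethods/owOfflineCC.asp idOrder=2 200
2005-04-24 10:00:03 198.51.100.7 GET /owBasket/PaymentMethods/owOfflineCC.asp idOrder=3 200
2005-04-24 10:00:04 198.51.100.7 GET /owBasket/PaymentMethods/owOfflineCC.asp idOrder=4 200
2005-04-24 10:05:00 203.0.113.9 GET /owBasket/PaymentMethods/owOfflineCC.asp idOrder=1788 200
2005-04-24 10:06:00 203.0.113.9 GET /owBasket/default.asp - 200
"""

# Script named in the advisory; IIS paths are case-insensitive, so compare lowercased.
TARGET = "/owbasket/paymentmethods/owofflinecc.asp"
# Matches idOrder anywhere in the query string, including an empty value.
ID_RE = re.compile(r"(?:^|&)idOrder=(\d*)(?:&|$)", re.IGNORECASE)

def parse_lines(text):
    """Yield (client_ip, uri_stem, query, status) for each non-directive line."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 7:
            continue
        yield parts[2], parts[4], parts[5], parts[6]

def find_enumeration(text, threshold=3):
    """Return {client_ip: sorted distinct idOrder values} for clients that
    successfully fetched the offline-CC page with >= threshold distinct ids.
    A real buyer views their own order; many ids from one client is the
    enumeration pattern this advisory describes."""
    seen = defaultdict(set)
    for ip, stem, query, status in parse_lines(text):
        if stem.lower() != TARGET or status != "200":
            continue
        m = ID_RE.search(query)
        if m:
            seen[ip].add(m.group(1))
    return {ip: sorted(ids, key=lambda s: (len(s), s))
            for ip, ids in seen.items() if len(ids) >= threshold}

if __name__ == "__main__":
    for ip, ids in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(ids)} distinct idOrder values {ids}")
```

The same check is what the fix needs server-side: the page must refuse any idOrder not tied to the current session's own order before rendering it.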
thnx to Estrella for being my light
thnx to all the http://www.osvdb.org team
thnx to all who day after day support me !!!
thnx to the vendor for the very fast response and very fast release of a fix, good work !!
--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Data Mangler of: http://www.osvdb.org
--
Curiosity is what makes the mind move....