-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MHL-2006-001 - Public Advisory +-----------------------------------------------------------+ | Eazy Cart Multiple Security Issues | +-----------------------------------------------------------+ PUBLISHED ON October 9th, 2006 PUBLISHED AT http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001 PUBLISHED BY Mayhemic Labs http://www.mayhemiclabs.com security AT mayhemiclabs DOT com GPG key: 0x56143F84 APPLICATION Eazy Cart http://www.eazycart.com/ "Eazy Cart the easy to install shopping cart system" AFFECTED VERSIONS All Verison ISSUES Eazy Cart is vulnerable to authenication bypassing, data injection, and XSS attacks 1) Authenication bypass Eazy Cart does not check login credentials past the initial login screen of the administration menu. Example: An attacker can access all administrative functions without authentication by going to /admin/home/index.php. 2) Data Injection Eazy Cart trusts user entered data implicitly, allowing an attacker to adjust prices and other values when ordering. Example: A user can craft a malicious URL to submit incorrect data to easycart.php telling it to add items to its cart for incorrect prices, including negative values. 3) XSS Eazy Cart trusts user entered data implicitly, not sanatizing it for malicious code. Example: A user can craft a malicious URL to submit incorrect data to easycart.php feeding it malicious javascript WORKAROUNDS None at this time SOLUTIONS None at this time REFERENCES None TIMELINE October 3rd, 2006 Vendor/Developer Notified October 8th, 2006 Vendor/Developer notification returned. October 9th, 2006 Public Release ADDITIONAL CREDIT N/A LICENSE Creative Commons Attribution-ShareAlike License http://creativecommons.org/licenses/by-sa/2.5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFKvXhzjnMaVYUP4QRAh6bAKC6C4ZG/KkYsijeVnC2AuiwvG1O1wCeNePN aVJsxgezSujUz7MNkJQavJ8= =Is2h -----END PGP SIGNATURE-----