anikIFDO.PUGMARKS.COM

• Next message: tombow: "more problems with that POS dansie cart software!"
• Previous message: rain forest puppy: "RFP2K02: "Netscape engineers are weenies!""
• In reply to: Joe: "Back Door in Commercial Shopping Cart"
• Next in thread: Kragen Sitaker: "Re: Back Door in Commercial Shopping Cart"
• Reply: Anik: "Re: Back Door in Commercial Shopping Cart"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

t's been a while since I have looked at the dansie shopping script (almost a
year now). As I remember it, the program also required you (or at least
strongly encouraged) making the script world writeable. As I no longer have
access to the script, I can't double check.
This reinforces the copy protection theory, but also allows a potential
attacker to do other interesting things to the script with much ease.
Anik

On Tue, Apr 11, 2000 at 05:24:06PM -0700, Joe wrote:
> Trojanized Commercial Shopping Cart
> ===============================================================
>
> Dansie Shopping Cart
>
> Version : 3.04 (presumably earlier versions as well)
> Author : Craig Dansie
> URL : http://www.dansie.net/
> Language : Perl (both NT and Unix platforms are vulnerable)
> License : Commercial, starting at $150.00
> Copyright Dec 10, 1997-2000, Dansie Website Design
>
>
> Synopsis : This program -deliberately- allows arbitrary commands to be
> executed on the victim server.
>
[snip]
>
> --
> Joe Technical Support
> General Support: supportblarg.net Blarg! Online Services, Inc.
> Voice: 425/401-9821 or 888/66-BLARG http://www.blarg.net

• Next message: tombow: "more problems with that POS dansie cart software!"
• Previous message: rain forest puppy: "RFP2K02: "Netscape engineers are weenies!""
• In reply to: Joe: "Back Door in Commercial Shopping Cart"
• Next in thread: Kragen Sitaker: "Re: Back Door in Commercial Shopping Cart"
• Reply: Anik: "Re: Back Door in Commercial Shopping Cart"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]