Subject: Re: more problems with that POS dansie cart software!
From: Randy Janinda (randy.janindaNDCORP.COM)
Date: Fri Apr 14 2000 - 11:41:33 CDT


On Fri, Apr 14, 2000 at 11:09:47AM -0400, tombow decided:
> if installing a backdoor in the cart software wasn't bad enough.. the
> whole implementation of pricing and adding items to cart is crap..
>
> example form to add items to your cart (kindly provided on the publishers
> site using the demo cart they set up for us):
>
> *snip*
>
> I am aware this was posted a few months ago but I don't recall anyone
> posting in relation to this particular software package..
>
> tom

I too have looked at the software and would like to add my findings:

There are numerous variables you can add to the URL to retrieve interesting
information:

(http://www.domain.com/cgi-bin/cart.pl?xxx) where xxx =

vars - will give you the setup variables for the software; an interesting thing
to note is that about 3/4 of the way down the page is a login ID and security
(password) for CC transactions?

env - lists environment variables

and my personal favorite

db - Let me explain this one a bit

This works differently on the numerous versions, so do a 'vars' and look for a
string called "query_separator" (usually a | or =). Then do this:

site.com/path-to/cart.pl?db|filename|All%20Items (i.e.
http://www.target.com/cgi-bin/cart.pl?db|cart.pl|All%20Items)

This will open the file for reading.. I haven't got it to successfully open
things in "recursive" paths (i.e. ../../../etc/passwd), but it does seem to
indicate whether a certain file exists or not.

Also of note:

the All%20Items part can be substituted by your favorite HTML tags, to create a
custom viewing experience ;)

Have fun.

--
Randy Janinda
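As an added defender-side example (not part of the original post, and not code from the Dansie cart software), the following Python scan walks constructed Apache access-log lines and flags cart.pl requests whose query string uses the probe prefixes named in the thread ('vars', 'env', 'db'), including the db|filename form and a path-traversal attempt in the filename. The log lines, the `classify_request`/`scan_log` names and the labels are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Apache combined-log request line (constructed pattern for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Query prefixes the post describes as information-disclosure probes.
PROBES = {"vars", "env", "db"}


def classify_request(path):
    """Return a label for a suspicious cart.pl request, or None if benign.
    Percent-decodes first so 'db%7Ccart.pl' is seen as 'db|cart.pl'."""
    script, _, query = path.partition("?")
    if not query or not script.lower().endswith("cart.pl"):
        return None
    query = unquote(query)
    # First token before any query_separator ('|' or '=') or '&'.
    head = re.split(r"[|=&]", query, maxsplit=1)[0].strip().lower()
    if head not in PROBES:
        return None
    if head == "db":
        parts = re.split(r"[|=]", query)
        target = parts[1] if len(parts) > 1 else ""
        # Filename with '..' or an absolute path: traversal attempt.
        if ".." in target or target.startswith("/"):
            return "db-traversal"
        return "db-read:" + target
    return head


def scan_log(lines):
    """Return (ip, timestamp, label, status) for each flagged request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        label = classify_request(m.group("path"))
        if label:
            hits.append((m.group("ip"), m.group("ts"), label, int(m.group("status"))))
    return hits


# Constructed sample log lines; not taken from any real server.
SAMPLE_LOG = [
    '10.0.0.5 - - [14/Apr/2000:11:41:33 -0500] "GET /cgi-bin/cart.pl?vars HTTP/1.0" 200 5120',
    '10.0.0.5 - - [14/Apr/2000:11:41:40 -0500] "GET /cgi-bin/cart.pl?db%7Ccart.pl%7CAll%20Items HTTP/1.0" 200 30212',
    '10.0.0.5 - - [14/Apr/2000:11:41:45 -0500] "GET /cgi-bin/cart.pl?db|../../../etc/passwd|x HTTP/1.0" 404 312',
    '192.168.1.9 - - [14/Apr/2000:11:42:01 -0500] "GET /cgi-bin/cart.pl?item=42&qty=1 HTTP/1.0" 200 2211',
    '192.168.1.9 - - [14/Apr/2000:11:42:10 -0500] "GET /index.html HTTP/1.0" 200 1450',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A 200 response to a 'vars' or 'db-read' probe is the signal worth paging on, since it means the script served the configuration or file contents rather than rejecting the request.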