VID 21132
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The '/PDG_Cart/shopper.conf' file is exposed. PDGSoft Shopping Cart, a web-based shopping system, may have been misconfigured by the site's administrator.
The order.log file contains customer order information, including credit card details and order history, and the shopper.conf file contains the configuration information of the Web store; both are world-readable plain text files. A remote attacker can retrieve these files when they have been poorly secured in this manner. Worse, shopper.conf exposes a clear text copy of Authnet_Login and Authnet_Password, which gives full remote administrative access to the cart.
Recommendation Reinstall the PDGSoft Shopping Cart application, following the installation instructions carefully. To prevent unauthorized remote access to sensitive PDGSoft Shopping Cart files and directories, ensure that appropriate permissions have been set.

* See the following site for detailed information:
http://www.pdgsoft.com/
Related URL CVE-1999-0608 (CVE)
Related URL (SecurityFocus)
Related URL 3857 (ISS)