[VIM] Cool Cafe' product found - mostly

Steven M. Christey coley at mitre.org
Tue Oct 3 20:49:50 EDT 2006


See CVE's below.

OSVDB:17349 and OSVDB:17350 had marked these issues as myth/fake,
saying there was no info on the product, and it might have been
site-specific.  I dug into this a little more, because morning wood
was the researcher.  A couple inurl: queries later, and it looks like
there's some product *somewhere* that at least used to be distributed
at coolcafe.ca (not any more), that has been hacked by some defacers
on in-the-wild sites.

Proper spelling: Cool Café!

(by the way, has anybody figured out how to handle all the different
language/charsets/encodings in their database?  I just paste and pray)

Google search:

  inurl:"coolcafe/login.asp"

You can narrow it down a little more if you add "defaced" or "owned"
into your query.

It appears to be just a chat utility, no clear association with
restaurants besides its name.


- Steve

======================================================
Name: CVE-2005-2035
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2035
Acknowledged: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no
Announced: 20050616
Flaw: sql-inject
Reference: FULLDISC:20050616 CoolCafe Chat SQL injection
Reference: URL:http://seclists.org/lists/fulldisclosure/2005/Jun/0205.html
Reference: MISC:http://exploitlabs.com/files/advisories/EXPL-A-2005-009-coolcafe.txt
Reference: OSVDB:17349
Reference: URL:http://www.osvdb.org/17349
Reference: SECTRACK:1014221
Reference: URL:http://securitytracker.com/id?1014221

SQL injection vulnerability in login.asp for Cool Cafe (Cool Café)
Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands
via the password.


Analysis:
INCLUSION: at first glance, this does not appear to be a valid
product, but a Google search for inurl:"coolcafe/login.asp" yields a
number of results.


======================================================
Name: CVE-2005-2036
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2036
Acknowledged: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no
Announced: 20050616
Flaw: form-field
Reference: FULLDISC:20050616 CoolCafe Chat SQL injection
Reference: URL:http://seclists.org/lists/fulldisclosure/2005/Jun/0205.html
Reference: MISC:http://exploitlabs.com/files/advisories/EXPL-A-2005-009-coolcafe.txt
Reference: OSVDB:17350
Reference: URL:http://www.osvdb.org/17350

modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote
attackers to obtain the administrator password and email address via a
modified nickname value.


Analysis:
INCLUSION: at first glance, this does not appear to be a valid
product, but a Google search for inurl:"coolcafe/login.asp" yields a
number of results.




More information about the VIM mailing list