(hhp) WebShop advisory. (hhp)
hhp-ADV#1
by: loophole
hhp@hhp.perlx.com
4:16:15CST 4/22/1999
---------------------------------------------------------------------

Alright, to my knowledge there is another dangerous shop service if
installed the right way. I contacted the vendor and notified the admin
of the problem. I have the feeling this isn't all though. I'm almost
positive there are more dangerous shopping services out there that
will be found very soon after all these posts get noticed. So for now
I will look around; please don't flood my email and I'll repost if I
find anything else.

Please remember this does not mean there is a flaw in the service
unless this is left readable by default on a clean installation with
no configuration files to modify the permissions. Also, PGP options
would eliminate most of the problems. Also please note I did not
install this software; the info I have gathered was on the website and
the vulnerable site was found by a search engine.

Info:
  WebShop via http://www.inetlab.com/products.html

Platforms:
  Windows 95/98/NT on Intel
  Linux on Intel or Sparc
  Solaris on Intel or Sparc
  FreeBSD 2.2 or smaller on Intel
  FreeBSD 3.0 on Intel
  BSDI/OS on Intel............... (Found vuln server.)
  Silicon Graphics Irix on MIPS.. (Found vuln server.)

Executable:
  WebShop.cgi

Exposed Directory:
  WebShop or webshop

Exposed Order info:
  WebShop/templates/cc.txt and/or WebShop/logs/cc.txt and ck.log

Status:
  Free?, resale=$50?.

Number of exposed installs found:
  2+

PGP Option available?:
  Unknown.
---------------------------------------------------------------------
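
Added example (not part of the original advisory, and not vendor code): a site operator can check their own web server access log for requests that reached the order files listed above. It assumes Common Log Format; the sample lines, the function names and the location of ck.log directly under the shop directory are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Order-data files the advisory names, anywhere under the WebShop/webshop directory.
SENSITIVE = re.compile(r"/webshop/(?:.*/)?(?:cc\.txt|ck\.log)$", re.IGNORECASE)
# Common Log Format: host ident user [time] "METHOD path proto" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample lines (documentation IP ranges), not from any real server.
SAMPLE_LOG = """\
192.0.2.10 - - [22/Apr/1999:04:10:01 -0600] "GET /cgi-bin/WebShop.cgi?item=4 HTTP/1.0" 200 5120
198.51.100.7 - - [22/Apr/1999:04:12:44 -0600] "GET /WebShop/templates/cc.txt HTTP/1.0" 200 18233
198.51.100.7 - - [22/Apr/1999:04:12:51 -0600] "GET /webshop/logs/%63c.txt HTTP/1.0" 403 210
203.0.113.5 - - [22/Apr/1999:04:13:02 -0600] "GET /webshop/ck.log HTTP/1.0" 200 9401
192.0.2.10 - - [22/Apr/1999:04:14:30 -0600] "GET /WebShop/index.html HTTP/1.0" 200 1024
""".splitlines()

def normalize(path):
    """Drop the query string, percent-decode, and collapse '.', '..' and '//'."""
    parts = []
    for seg in unquote(path.split("?", 1)[0]).replace("\\", "/").split("/"):
        if seg == "..":
            if parts:
                parts.pop()
        elif seg not in ("", "."):
            parts.append(seg)
    return "/" + "/".join(parts)

def find_exposures(lines):
    """Return (client, path, status, verdict) for each request for an order file.
    verdict is 'SERVED' when the status shows the client got the file (2xx) or
    already holds a copy (304); otherwise 'probe' (requested but refused)."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a Common Log Format line
        client, raw, status = m.groups()
        path = normalize(raw)
        if SENSITIVE.search(path):
            served = status.startswith("2") or status == "304"
            hits.append((client, path, int(status), "SERVED" if served else "probe"))
    return hits

if __name__ == "__main__":
    for hit in find_exposures(SAMPLE_LOG):
        print(*hit)
```

Any SERVED line means order data left the server and the affected orders should be treated as disclosed; probe lines show the files were requested but refused.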