2002752

	Dansie shopping cart
advICE :Intrusions : 2002752

FAQ

Oh my gosh, I'm being HACKED!!!

How do I report the hacker to my ISP?

I'm seeing lots of attacks, is this normal?

Summary
A suspicious URL has been seen allowing access to a Dansie shopping cart server.
Details
Dansie Shopping Cart is a Web-based Perl shopping cart system. The cart.pl (Perl) application in Dansie Shopping Cart 3.0.4 handles form variables insecurely. By adding form variables, such as vars, env, or db to a URL, a remote attacker can obtain database or configuration information to modify the shopping cart contents

more information

X-Force: 4954 Dansie shopping cart allows retrieval of sensitive configuration information

parametric information

URL The suspicious URL.

accessed Indicates whether the URL was successfully accessed.

code The HTTP return code.

arg The argument to the GET command (if any).

 
Version appeared: 3.5