Date: Sun, 25 Apr 1999 13:38:43 +0200
From: Bo Elkjaer <boo@DATASHOPPER.DK>
To: BUGTRAQ@netspace.org
Subject: Re: Shopping Carts exposing CC data

Hi Joe
Your CC-exposures are gaining momentum. Right now I'm only waiting for the
mainstream papers to catch up. I'm a journalist myself, working for one of
Denmarks largest newspapers, but my boss don't think this is interesting stuff.
Heh. Asshole.

Found out some more:

Cybercash 2.1.4 - http://www.cybercash.com
Platforms: Sparc?
Exposed directory: /smps-2.1.4-solaris-sparc/
Exposed orderinfo: Several files, as far as I can see. Many are located in the
/db/credit directory.
Whats worse: Exposed admin-password and configuration-files: admin.pw and
admin.conf.
Status: commercial.

I seem to remember that Cybercash was mentioned on this list a while ago because
of a bug in the debug configuration which meant that you couldn't disable full
debugging. Not sure though, and my memory has a record of leakages.

Bo Elkjaer, Denmark