Exploit McMurtrey/Whitaker & Associates Cart32 2.6/3.0 - Remote Administration Password

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
19881
Проверка EDB
  1. Пройдено
Автор
CERBERUS SECURITY TEAM
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2000-0429
Дата публикации
2000-04-27
McMurtrey/Whitaker & Associates Cart32 2.6/3.0 - Remote Administration Password
Код:
source: https://www.securityfocus.com/bid/1153/info


Within cart32.exe, entering any password by way of http://target/scripts/cart32.exe/cart32clientlist, a remote user could obtain vital client information such as username, password, credit card numbers, and other crucial details. Passwords will appear encrypted, however they can be used in conjunction with specific URL requests which can be used to execute arbitrary commands.

In addition, by accessing http://target/scripts/c32web.exe/ChangeAdminPassword, a remote user is able to change the administrative password without prior knowledge of the previous password.

http://target/scripts/cart32.exe/cart32clientlist 
Any password can be used.

http://target/scripts/c32web.exe/ChangeAdminPassword
 
Источник
www.exploit-db.com

Похожие темы