Vendor: Cart32
By: SecurityFocus
CVSS: 4.3 (MEDIUM)
CWE: 200 (Information Disclosure)
Product Name: Cart32
Affected Version From: Cart32
Affected Version To: Cart32
Patch Exists: YES
Related CWE: N/A
CPE: cart32
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Cart32 Information Disclosure Vulnerability

Cart32 is a shopping cart application for e-commerce enabled sites. It contains a vulnerability which reveals server information. Requesting a specially crafted URL, by way of the CGI application, will reveal the physical path to the web root as well as to the Windows and Program Files directories. Successful exploitation of this vulnerability could assist in further attacks against the victim host.

Mitigation:

Ensure that the application is up to date and all security patches are applied.
Source

Exploit-DB raw data:

source : https://www.securityfocus.com/bid/1932/info

Cart32 is a shopping cart application for e-commerce enabled sites.

Cart32 contains a vulnerability which reveals server information. Requesting a specially crafted URL, by way of the CGI application, will reveal the physical path to the web root as well as to the Windows and Program Files directories.

Successful exploitation of this vulnerability could assist in further attacks against the victim host.

http://target/cgi-bin/cart32.exe/error 
http://target/cgi-bin/c32web.exe/ShowAdminDir 
http://target/cgi-bin/c32web.exe/CheckError?error=53
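
Detection sketch for the three requests listed above, as an added example that is not part of the original advisory: it scans web server access logs for the path-info suffixes shown on this page. It assumes Common/Combined Log Format; the names `PROBES`, `classify` and `scan` and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Path-info suffixes listed on this page, keyed by the CGI binary they follow.
PROBES = {
    "cart32.exe": {"error"},
    "c32web.exe": {"showadmindir", "checkerror"},
}

# Common/Combined Log Format: client ... "METHOD target PROTOCOL" status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

def classify(target):
    """Return 'binary/action' if the request target matches a listed probe, else None."""
    # Decode percent-escapes and lower-case before comparing, so encoded or
    # mixed-case variants are caught. Windows file names are case-insensitive;
    # matching the action case-insensitively is an assumption that may over-match.
    path = unquote(urlsplit(target).path).lower()
    segments = [s for s in path.split("/") if s]
    for i, seg in enumerate(segments[:-1]):
        if seg in PROBES and segments[i + 1] in PROBES[seg]:
            return f"{seg}/{segments[i + 1]}"
    return None

def scan(lines):
    """Yield (client, probe, status) for each access-log line that matches a probe."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, target, status = m.groups()
        probe = classify(target)
        if probe:
            yield client, probe, int(status)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /cgi-bin/cart32.exe/error HTTP/1.0" 200 812',
    '192.0.2.10 - - [01/Jan/2002:10:00:02 +0000] "GET /cgi-bin/c32web.exe/CheckError?error=53 HTTP/1.0" 200 640',
    '192.0.2.11 - - [01/Jan/2002:10:00:05 +0000] "GET /CGI-BIN/C32WEB.EXE/Show%41dminDir HTTP/1.0" 404 210',
    '198.51.100.7 - - [01/Jan/2002:10:01:00 +0000] "GET /cgi-bin/cart32.exe/MyStore-AddItem HTTP/1.0" 200 5120',
]

if __name__ == "__main__":
    for client, probe, status in scan(SAMPLE_LOG):
        print(f"{client} requested {probe} -> HTTP {status}")
```

A hit answered with HTTP 200 is the case to prioritise, since the response may have contained the disclosed paths; the same path list can back a web server or WAF deny rule until the patch is applied.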