Cart32 Remote Password Disclosure and Administrative Password Change Vulnerability

vendor:

Cart32

by:

SecurityFocus

7.5

CVSS

HIGH

Password Disclosure and Administrative Password Change

200

CWE

Product Name: Cart32

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Cart32 Remote Password Disclosure and Administrative Password Change Vulnerability

Within cart32.exe, entering any password by way of http://target/scripts/cart32.exe/cart32clientlist, a remote user could obtain vital client information such as username, password, credit card numbers, and other crucial details. Passwords will appear encrypted, however they can be used in conjunction with specific URL requests which can be used to execute arbitrary commands. In addition, by accessing http://target/scripts/c32web.exe/ChangeAdminPassword, a remote user is able to change the administrative password without prior knowledge of the previous password.

Mitigation:

Ensure that the cart32.exe and c32web.exe scripts are not accessible from the web server.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1153/info


Within cart32.exe, entering any password by way of http://target/scripts/cart32.exe/cart32clientlist, a remote user could obtain vital client information such as username, password, credit card numbers, and other crucial details. Passwords will appear encrypted, however they can be used in conjunction with specific URL requests which can be used to execute arbitrary commands.

In addition, by accessing http://target/scripts/c32web.exe/ChangeAdminPassword, a remote user is able to change the administrative password without prior knowledge of the previous password.

http://target/scripts/cart32.exe/cart32clientlist 
Any password can be used.

http://target/scripts/c32web.exe/ChangeAdminPassword