header-logo
Suggest Exploit
vendor:
netCART
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: netCART
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

.netCART Default Install Vulnerability

It has been alleged that .netCART fails to adequately protect the contents of a directory in a default install. It is therefore reportedly possible for remote users to request the an XML file from this directory. This could expose sensitive information stored in this file, including authentication credentials to remote attackers.

Mitigation:

Ensure that the directory is adequately protected from unauthorized access.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8210/info

.netCART is a web based e-commerce and shopping cart site designed for ASP.NET.

It has been alleged that .netCART fails to adequately protect the contents of a directory in a default install. It is therefore reportedly possible for remote users to request the an XML file from this directory. This could expose sensitive information stored in this file, including authentication credentials to remote attackers.

Information collected in this manner may be used to aid in further attacks launched against the vulnerable system.

http://www.example.com/Data/settings.xml

Navigation

Suggest Exploit

Services By CQR