McMurtrey/Whitaker & Associates Cart32 2.6/3.0 - Remote Administration Password

EDB-ID:

19881

CVE:

2000-0429

EDB Verified:

Author:

Cerberus Security Team

Type:

remote

Exploit:   /  

Platform:

Windows

Date:

2000-04-27

Vulnerable App: 
source: https://www.securityfocus.com/bid/1153/info


Within cart32.exe, entering any password by way of http://target/scripts/cart32.exe/cart32clientlist, a remote user could obtain vital client information such as username, password, credit card numbers, and other crucial details. Passwords will appear encrypted, however they can be used in conjunction with specific URL requests which can be used to execute arbitrary commands.

In addition, by accessing http://target/scripts/c32web.exe/ChangeAdminPassword, a remote user is able to change the administrative password without prior knowledge of the previous password.

http://target/scripts/cart32.exe/cart32clientlist 
Any password can be used.

http://target/scripts/c32web.exe/ChangeAdminPassword
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services