McMurtrey/Whitaker & Associates Cart32 Remote Administration Password Vulnerability
BID:1153
Info
McMurtrey/Whitaker & Associates Cart32 Remote Administration Password Vulnerability
| Bugtraq ID: | 1153 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 27 2000 12:00AM |
| Updated: | Apr 27 2000 12:00AM |
| Credit: | Posted to Bugtraq on April 27, 2000 by Cerberus Security Team <[email protected]>. |
| Vulnerable: |
McMurtrey/Whitaker & Associates Cart32 3.0 McMurtrey/Whitaker & Associates Cart32 2.6 |
| Not Vulnerable: | |
Discussion
McMurtrey/Whitaker & Associates Cart32 Remote Administration Password Vulnerability
Within cart32.exe, entering any password by way of http://target/scripts/cart32.exe/cart32clientlist, a remote user could obtain vital client information such as username, password, credit card numbers, and other crucial details. Passwords will appear encrypted, however they can be used in conjunction with specific URL requests which can be used to execute arbitrary commands.
In addition, by accessing http://target/scripts/c32web.exe/ChangeAdminPassword, a remote user is able to change the administrative password without prior knowledge of the previous password.
Within cart32.exe, entering any password by way of http://target/scripts/cart32.exe/cart32clientlist, a remote user could obtain vital client information such as username, password, credit card numbers, and other crucial details. Passwords will appear encrypted, however they can be used in conjunction with specific URL requests which can be used to execute arbitrary commands.
In addition, by accessing http://target/scripts/c32web.exe/ChangeAdminPassword, a remote user is able to change the administrative password without prior knowledge of the previous password.
Exploit / POC
McMurtrey/Whitaker & Associates Cart32 Remote Administration Password Vulnerability
http://target/scripts/cart32.exe/cart32clientlist
Any password can be used.
http://target/scripts/c32web.exe/ChangeAdminPassword
http://target/scripts/cart32.exe/cart32clientlist
Any password can be used.
http://target/scripts/c32web.exe/ChangeAdminPassword
Solution / Fix
McMurtrey/Whitaker & Associates Cart32 Remote Administration Password Vulnerability
Solution:
McMurtrey/Whitaker & Associates has released upgrades which addresses this issue.
Official Patches:
McMurtrey/Whitaker & Associates Cart32 2.6
McMurtrey/Whitaker & Associates Cart32 3.0
Solution:
McMurtrey/Whitaker & Associates has released upgrades which addresses this issue.
Official Patches:
McMurtrey/Whitaker & Associates Cart32 2.6
-
McMurtrey/Whitaker & Associates c32admin (2.6)
Copy into the Cart32 directory. "On ISP" installations do not need this file.
http://www.cart32.com/download/v26latestbuilds/c32admin.exe -
McMurtrey/Whitaker & Associates c32web (2.6)
Copy into the CGI directory.
ftp://ftp.cart32.com/v26latestbuilds/c32web.exe -
McMurtrey/Whitaker & Associates cart
Copy into the Cart32 directory.
http://www.cart32.com/download/v26latestbuilds/cart.exe -
McMurtrey/Whitaker & Associates cart32 (2.6)
Copy into the CGI directory.
ftp://ftp.cart32.com/v26latestbuilds/cart32.exe
McMurtrey/Whitaker & Associates Cart32 3.0
-
McMurtrey/Whitaker & Associates c32admin (3.0)
Download this file only if you are running the "On your own server" version. Place this file in the installation directory which is c:\program files\mwainc\cart32 by default.
ftp://ftp.cart32.com/v30latestbuilds/c32admin.exe -
McMurtrey/Whitaker & Associates c32web (3.0)
Copy into the CGI directory.
ftp://ftp.cart32.com/v30latestbuilds/c32web.exe -
McMurtrey/Whitaker & Associates cart32 (3.0)
Copy into the CGI directory.
http://www.cart32.com/download/v30latestbuilds/cart32.exe
References
McMurtrey/Whitaker & Associates Cart32 Remote Administration Password Vulnerability
References:
References:
- Cart32 Product Homepage (McMurtrey/Whitaker & Associates)