Pacific Software Carello File Duplication and Source Disclosure Vulnerability
BID:1245
Info
Pacific Software Carello File Duplication and Source Disclosure Vulnerability
| Bugtraq ID: | 1245 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 24 2000 12:00AM |
| Updated: | May 24 2000 12:00AM |
| Credit: | Discovered by Cerberus Security Team <[email protected]> and publicized in a Cerberus Information Security Advisory (CISADV000524b). |
| Vulnerable: |
Pacific Software Carello 1.2.1 |
| Not Vulnerable: | |
Discussion
Pacific Software Carello File Duplication and Source Disclosure Vulnerability
A remote user can gain read and write access on a target machine running Carello shopping cart software.
First, a user may create a duplicate of a known file in a known directory on the target host through add.exe in /scripts/Carello. Accessing http://target/scripts/Carello/add.exe?C:\directory\filename.ext will generate a duplicate file with a "1" appended to the filename (eg. filename.ext1). From here, the remote user would perform a http request of the newly created duplicate file and be able to view the contents of it.
This vulnerability depends on the anonymous internet account having write access to the relevant directories.
A remote user can gain read and write access on a target machine running Carello shopping cart software.
First, a user may create a duplicate of a known file in a known directory on the target host through add.exe in /scripts/Carello. Accessing http://target/scripts/Carello/add.exe?C:\directory\filename.ext will generate a duplicate file with a "1" appended to the filename (eg. filename.ext1). From here, the remote user would perform a http request of the newly created duplicate file and be able to view the contents of it.
This vulnerability depends on the anonymous internet account having write access to the relevant directories.
Exploit / POC
Pacific Software Carello File Duplication and Source Disclosure Vulnerability
http://target/scripts/Carello/add.exe?C:\directory\filename.ext
http://target/scripts/Carello/add.exe?C:\directory\filename.ext
Solution / Fix
Pacific Software Carello File Duplication and Source Disclosure Vulnerability
Solution:
Carello is no longer supported by Pacific Software. However, a new version of the product is expected to be released within the next couple of months which will have this vulnerability rectified.
Solution:
Carello is no longer supported by Pacific Software. However, a new version of the product is expected to be released within the next couple of months which will have this vulnerability rectified.
References
Pacific Software Carello File Duplication and Source Disclosure Vulnerability
References:
References:
- Carello Product Home Page (Pacific Software)