Summary |
---|
Description: | Another pathetic hole, this one allows people to view any file on the web server (which the web server process owner can view) |
Author: | Mikael Johansson <Mikael.Johansson@ABC.SE> |
Compromise: | View files on remote web servers, maybe even filch credit card numbers! |
Vulnerable Systems: | Those running iCat Carbo Server (ISAPI, Release) Version 3.0.0 |
Date: | 8 November 1997 |
Details |
---|
Date: Sat, 8 Nov 1997 11:11:12 +0100 From: Mikael Johansson <Mikael.Johansson@ABC.SE> To: best-of-security@cyber.com.au Subject: BoS: Security bug in iCat Suite version 3.0 iCat Carbo Server is a program used to create interactive shopping catalogs for the www. It was selected by PC Magazine's editors as the best Web storefront creation software. I've found a bug in the iCat Carbo Server Version 3.0.0. The bug let's everyone view any file at a system that is using Carbo (except for files with some special characters). See for yourselves... http request: http://host/carbo.dll?icatcommand=file_to_view&catalogname=catalog http answer: [iCat Carbo Server (ISAPI, Release) Version 3.0.0 Release Build 244] Error: (-1007) cannot open file 'C:\web\carbohome\file_to_view.htm' To view their c:\winnt\win.ini: http://host/carbo.dll?icatcommand=..\..\winnt\win.ini&catalogname=catalog As you can imagine this bug is rather dangerous. For example an evil hacker could steal creditcard information from users that have bought something at a site using Carbo Server 3.0.0. Mikael Johansson Mikael.Johansson@abc.se
More Exploits! |
---|
All OS's | Linux | Solaris/SunOS | Micro$oft |
*BSD | Macintosh | AIX | IRIX |
ULTRIX/Digital UNIX | HP/UX | SCO | Remote exploits |