Vulnerabilities > CVE-2000-0429 - Unspecified vulnerability in Mcmurtrey Whitaker and Associates Cart32 2.6/3.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mcmurtrey-whitaker-and-associates
nessus
exploit available
NVD
Published: 2000-04-27
Updated: 2016-10-18

Summary

A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary commands.

Vulnerable Configurations

Part Description Count
Application
Mcmurtrey_Whitaker_And_Associates
2

Exploit-Db

descriptionMcMurtrey/Whitaker & Associates Cart32 2.6/3.0 Remote Administration Password Vulnerability. CVE-2000-0429. Remote exploit for windows platform
idEDB-ID:19881
last seen2016-02-02
modified2000-04-27
published2000-04-27
reporterCerberus Security Team
sourcehttps://www.exploit-db.com/download/19881/
titleMcMurtrey/Whitaker & Associates Cart32 2.6/3.0 - Remote Administration Password Vulnerability

Nessus

NASL familyBackdoors
NASL idC32.NASL
descriptionThe Cart32 e-commerce shopping cart is installed. This software contains multiple security flaws. There is a backdoor password of
last seen2020-06-01
modified2020-06-02
plugin id10389
published2000-05-09
reporterThis script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10389
titleCart32 Backdoor Password Arbitrary Command Execution
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if(description)
{
 script_id(10389);
 script_version ("1.32");

 script_cve_id("CVE-2000-0429");
 script_bugtraq_id(1153);
 
 script_name(english:"Cart32 Backdoor Password Arbitrary Command Execution");
 script_summary(english:"Determines the presence of Cart32");
 
 script_set_attribute(
   attribute:"synopsis",
   value:"A web application running on the remote host has a backdoor."
 );
 script_set_attribute(attribute:"description", value:
"The Cart32 e-commerce shopping cart is installed. This software
contains multiple security flaws.

There is a backdoor password of 'wemilo' in cart32.exe. This backdoor
allows a remote attacker to run arbitrary commands in the context of
the web server, and access credit card information.

Additionally, it may be possible to change the administrator password
by going directly to :

/c32web.exe/ChangeAdminPassword" );
 script_set_attribute(
   attribute:"see_also",
   value:"https://seclists.org/bugtraq/2000/Apr/236"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Upgrade to Cart32 version 5.0 or later."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:C");
 script_set_attribute(attribute:"plugin_publication_date", value: "2000/05/09");
 script_set_attribute(attribute:"vuln_publication_date", value: "2000/04/27");
 script_cvs_date("Date: 2018/11/15 20:50:16");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.");
 script_family(english:"Backdoors");
 script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80, embedded: 0);

foreach dir (cgi_dirs())
{
 url = string(dir, "/cart32.exe");
 res = http_send_recv3(method:"GET", item:url, port:port);
 if ( isnull(res) ) exit(0);
 if ( egrep(pattern:"<title>Cart32 [0-2]\.", string:res) )
	{
	security_hole(port);
	exit(0);
	}
}

References