Security hole in iCat Carbo Server 3.0
|Description:||Another pathetic hole, this one allows people to view any file on the web server (which the web server process owner can view)|
|Author:||Mikael Johansson <Mikael.Johansson@ABC.SE>|
|Compromise:||View files on remote web servers, maybe even filch credit card numbers!|
|Vulnerable Systems:||Those running iCat Carbo Server (ISAPI, Release) Version 3.0.0 |
|Date:||8 November 1997 |
Date: Sat, 8 Nov 1997 11:11:12 +0100
From: Mikael Johansson <Mikael.Johansson@ABC.SE>
Subject: BoS: Security bug in iCat Suite version 3.0
iCat Carbo Server is a program used to create interactive shopping
catalogs for the www. It was selected by PC Magazine's editors as the
best Web storefront creation software.
I've found a bug in the iCat Carbo Server Version 3.0.0. The bug let's
everyone view any file at a system that is using Carbo (except for files
with some special characters).
See for yourselves...
[iCat Carbo Server (ISAPI, Release) Version 3.0.0 Release Build 244]
Error: (-1007) cannot open file 'C:\web\carbohome\file_to_view.htm'
To view their c:\winnt\win.ini:
As you can imagine this bug is rather dangerous. For example an evil
hacker could steal creditcard information from users that have bought
something at a site using Carbo Server 3.0.0.
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:
[ Nmap |
Sec Tools |
Mailing Lists |
Site News |