Cart32 ChangeAdminPassword 2.0
 
Plugin ID15
Plugin nameCart32 ChangeAdminPassword
Plugin filenameCart32 ChangeAdminPassword.plugin
Plugin filesize2787 bytes
Plugin familyHTTP
Plugin created nameMarc Ruef
Plugin created emailmarc dot ruef at computec dot ch
Plugin created webhttp://www.computec.ch
Plugin created companycomputec.ch
Plugin created date2003/11/13
Plugin updated nameMarc Ruef
Plugin updated emailmarc dot ruef at computec dot ch
Plugin updated webhttp://www.computec.ch
Plugin updated companycomputec.ch
Plugin updated date2004/11/14
Plugin version2.0
Plugin changelogCorrected the plugin structure and added the accuracy values in 1.4. Improved the pattern matching and introduced the plugin changelog in 2.0
Plugin protocoltcp
Plugin port80
Plugin procedure detectionopen|send GET /c32web.exe/ChangeAdminPassword HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# 200 *
Plugin detection accuracy97
Plugin commentThis plugin was written with the ATK Attack Editor.
Bug advisoryhttp://www.cerberus-infosec.co.uk/advcart32.html
Bug affectedCart32 e-commerce shopping cart
Bug not affectedOther e-commerce shopping carts
Bug vulnerability classConfiguration
Bug descriptionIf the Cart32 e-commerce shopping cart is installed, there may be a backdoor available and every user could change the admin password.
Bug solutionUse another shopping cart software.
Bug fixing time1 day
Bug exploit availabilityYes
Bug exploit urlhttp://www.securityfocus.com/bid/1153/exploit/
Bug remoteYes
Bug localYes
Bug severityHigh
Bug popularity6
Bug simplicity6
Bug impact8
Bug risk7
Bug Nessus riskHigh
Bug check toolsNessus is also able to do the same check.
Source CVECAN-2000-0429
Source SecurityFocus BID1153
Source Nessus ID10389
Source LiteratureHacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.