Message-Id: <200005030745.AAA07913@mail5.hushmail.com>
Date: Wed, 3 May 2000 00:39:26 -0800
Reply-To: cassius@HUSHMAIL.COM
From: cassius@HUSHMAIL.COM
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

Another interesting Cart32 command example:

http://example.com/cgi-bin/cart32.exe/expdate

This causes an error and displays a debugging page with server variables, the contents of the Cart32 administration directory and sometimes, the contents of cgi-bin. This makes it easy to spot misconfigured Cart32 installs (customer databases installed to the cgi-bin directory.)

You could fix this one in a hexeditor by changing the /EXPDATE string to something random.

/fx7#d@+ <--- free pseudo-random string

-Cassius
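
Added example, not part of the original post: a log check an administrator could run to see whether the cart32.exe/expdate request described above has reached their server. The Common Log Format input, the sample lines, the "othercmd" path and the function names are constructed for illustration; matching the command case-insensitively and treating a 2xx status as "page served" are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [03/May/2000:09:12:01 -0800] "GET /cgi-bin/cart32.exe/expdate HTTP/1.0" 200 5120
192.0.2.10 - - [03/May/2000:09:12:05 -0800] "GET /cgi-bin/cart32.exe/EXPDATE?x=1 HTTP/1.0" 200 5120
198.51.100.7 - - [03/May/2000:09:13:40 -0800] "GET /cgi-bin/cart32.exe/%65xpdate HTTP/1.0" 200 5120
198.51.100.7 - - [03/May/2000:09:14:02 -0800] "GET /cgi-bin/cart32.exe/othercmd HTTP/1.0" 200 812
203.0.113.5 - - [03/May/2000:09:15:00 -0800] "GET /index.html HTTP/1.0" 200 1024
203.0.113.5 - - [03/May/2000:09:15:09 -0800] "GET /scripts/cart32.exe/expdate HTTP/1.0" 404 210
"""

# client, method, request target, status from one CLF line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
# Path ending in cart32.exe/expdate. Case-insensitive matching is an assumption,
# based on the post showing /expdate in the URL and /EXPDATE in the binary.
TARGET_RE = re.compile(r'/cart32\.exe/expdate/?$', re.IGNORECASE)

def find_expdate_requests(log_text):
    """Return one record per request for the Cart32 expdate command."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not CLF
        client, _method, target, status = m.groups()
        # Drop the query string, then URL-decode so %-encoded variants match too.
        path = unquote(target.split("?", 1)[0])
        if TARGET_RE.search(path):
            hits.append({
                "client": client,
                "path": path,
                "status": int(status),
                # Assumption: a 2xx status means the debugging page was returned.
                "served": status.startswith("2"),
            })
    return hits

def clients_served(hits):
    """Count, per client, the requests that appear to have been answered."""
    return dict(Counter(h["client"] for h in hits if h["served"]))

if __name__ == "__main__":
    found = find_expdate_requests(SAMPLE_LOG)
    for h in found:
        print(h["client"], h["status"], h["path"])
    print(clients_served(found))
```

Clients listed by clients_served() are the ones to review first, since the debugging page shows server variables and directory contents.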