Dansie Shopping Cart Backdoor Detection

critical Nessus Plugin ID 10368

Synopsis

Arbitrary commands may be run on the remote host.

Description

The script /cart/cart.cgi is present.

If this shopping cart system is the Dansie Shopping Cart and it is older than version 3.0.8, then it is very likely that it contains a backdoor that allows anyone to execute arbitrary commands on this system.

Solution

Use another cart system.

Plugin Details

Severity: Critical

ID: 10368

File Name: dansie_cart.nasl

Version: 1.30

Type: remote

Family: Backdoors

Published: 4/13/2000

Updated: 6/13/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Vulnerability Publication Date: 4/11/2000

Reference Information

CVE: CVE-2000-0252, CVE-2000-0253, CVE-2000-0254

BID: 1115