CactuShop Lite contains a backdoor

cactushoplite-backdoor (15063) The risk level is classified as High Risk

Description:

CactuShop Lite could allow a remote attacker to gain unauthorized access. The product contains a backdoor in the AddToMailingList function in the includes/functions.asp file, which could allow a remote attacker to delete arbitrary files on the victim's system.


Consequences:

Gain Access

Remedy:

No remedy available as of April 1, 2014.

References:

  • CactuShop Lite Web site: ASP shopping cart software for running ecommerce on Windows Servers using MS Access.
  • Full-Disclosure Mailing List, Fri Feb 06 2004 - 06:02:56 CST : CactuSoft CactuShop 5.0 Lite shopping cart software backdoor.
  • BID-9589: Cactusoft CactuShop Lite Remote Arbitrary File Deletion Backdoor Vulnerability
  • BID-959: NT LsaQueryInformationPolicy() Domain SID Leak Vulnerability
  • CVE-2004-0260: The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains a backdoor that allows remote attackers to delete arbitrary files via an email address that starts with |||.
  • OSVDB ID: 6615: CactuSoft CactuShop AddToMailingList Delete Arbitrary File
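
With no remedy listed, reviewing web server logs for the trigger named in the CVE-2004-0260 entry (an email value starting with `|||`) is one way to check for past use. The following is an added example, not code from the advisory or the vendor; it assumes IIS W3C extended logs and that the value arrived in the query string (form POST bodies are not recorded in these logs), and the sample log, paths and `email` parameter name are constructed.

```python
from urllib.parse import parse_qsl, unquote

MARKER = "|||"  # trigger prefix from the CVE-2004-0260 description

# Constructed sample log; the paths and the "email" parameter name are hypothetical.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-02-06 12:00:01 192.0.2.10 GET /shop/default.asp email=alice%40example.com 200
2004-02-06 12:00:07 192.0.2.66 GET /shop/default.asp email=%7C%7C%7Cplaceholder 200
2004-02-06 12:00:09 192.0.2.66 GET /shop/default.asp email=%257C%257C%257Cplaceholder 200
2004-02-06 12:00:15 192.0.2.11 GET /shop/product.asp id=12 200
""".splitlines()

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input (%257C) is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(query):
    """Names of query parameters whose decoded value starts with MARKER."""
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if fully_decode(value).startswith(MARKER)]

def scan_w3c_log(lines):
    """Return (date, time, client_ip, uri_stem, param) for each matching request."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column order is declared by the log itself and may change mid-file.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        query = row.get("cs-uri-query", "-")
        if query != "-":
            for param in suspicious_params(query):
                hits.append((row.get("date"), row.get("time"), row.get("c-ip"),
                             row.get("cs-uri-stem"), param))
    return hits

if __name__ == "__main__":
    for hit in scan_w3c_log(SAMPLE_LOG):
        print(*hit)
```

The check matches on any parameter name because the advisory does not name the form field.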

Platforms Affected:

  • Cactusoft CactuShop Lite

Reported:

Feb 06, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com
