Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Apps :: mercntyl.htm

Mercantyle vulnerable to simple URL attacks



Vulnerability

    Mercantyle

Affected

    WinNT

Description

    Mark  O'Neill  found  following.   It  concerns  a  product called
    Mercantyle from Triptych (www.triptych.co.uk).  It is an  NT-based
    product used on bookstore sites around the world.  However, it  is
    very vulnerable to simple URL attacks such as:

        http://www.watkinsbooks.com/live/twist/twist.plx?form=3D\winnt\system32\hardware.inf

    In  the  case  of  the  above  site,  any  file on their server is
    available  simply  by  passing  its  name to the twist.plx script.
    There are other security holes  also.  It is astonishing  how many
    security holes are in this software.

Solution

    Nothing yet.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH