Cart32 Vulnerability

Vulnerability ID: 1105803  Vulnerability type: Unknown
Published: 2000-04-27  Updated: 2000-04-27
CVE ID: CVE-2000-0429
CNNVD-ID: CNNVD-200004-076
Platform: Windows  CVSS score: 7.5
|Vulnerability Sources
https://www.exploit-db.com/exploits/19881
https://www.securityfocus.com/bid/88300
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200004-076
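|Vulnerability Details
Cart32 3.0 and earlier versions contain a backdoor password vulnerability that remote attackers can exploit to execute arbitrary commands.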
|Exploit
source: http://www.securityfocus.com/bid/1153/info


In cart32.exe, by entering any password at http://target/scripts/cart32.exe/cart32clientlist, a remote user can obtain vital client information such as usernames, passwords, credit card numbers, and other crucial details. The passwords appear encrypted; however, they can be used in conjunction with specific URL requests to execute arbitrary commands.

In addition, by accessing http://target/scripts/c32web.exe/ChangeAdminPassword, a remote user is able to change the administrative password without prior knowledge of the previous password.

http://target/scripts/cart32.exe/cart32clientlist 
Any password can be used.

http://target/scripts/c32web.exe/ChangeAdminPassword
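
To check whether either endpoint above has been requested on a server, the web logs can be searched for them. The following is an added example, not part of the original advisory: it scans IIS W3C extended logs, and the log layout, sample lines and function names are assumptions constructed for illustration.

```python
from urllib.parse import unquote

# Path fragments named in the advisory, lower-cased (IIS paths are case-insensitive).
# Matching on the fragment also covers installs outside /scripts/ (an assumption).
WATCHED = {
    "cart32.exe/cart32clientlist": "client list disclosure",
    "c32web.exe/changeadminpassword": "admin password change",
}

def normalise(stem):
    """Percent-decode, lower-case and collapse slashes so trivial variants still match."""
    path = unquote(stem).replace("\\", "/").lower()
    while "//" in path:
        path = path.replace("//", "/")
    return path.rstrip("/")

def scan(lines):
    """Return (date, time, client_ip, finding, status) for each watched request."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        path = normalise(row.get("cs-uri-stem", ""))
        for fragment, finding in WATCHED.items():
            if fragment in path:
                hits.append((row.get("date"), row.get("time"), row.get("c-ip"),
                             finding, row.get("sc-status")))
    return hits

# Constructed sample log (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2000-04-28 09:14:02 192.0.2.10 GET /scripts/cart32.exe - 200
2000-04-28 09:15:40 198.51.100.7 GET /scripts/cart32.exe/cart32clientlist - 200
2000-04-28 09:16:11 198.51.100.7 POST /Scripts/C32Web.exe/ChangeAdminPassword - 200
2000-04-28 09:17:30 203.0.113.5 GET /scripts/cart32%2Eexe/Cart32ClientList/ - 404
2000-04-28 09:18:00 192.0.2.10 GET /index.html - 200
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(*hit)
```

A hit with a 200 status on either path warrants treating stored client data and the administrative password as exposed until shown otherwise.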
|Affected Products
Mcmurtrey Whitaker And Associates Cart32 3.0

Mcmurtrey Whitaker And Associates Cart32 2.6

|References

Source: www.cart32.com
Link: http://www.cart32.com/kbshow.asp?article=c048
Source: BUGTRAQ
Name: 20000427 Alert: Cart32 secret password backdoor (CISADV000427)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=95686068203138&w=2
