https://www.exploit-db.com/exploits/19957
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200005-089

Carelloshoppingcart软件中add.exe程序存在漏洞。远程攻击者利用此漏洞将可以复制服务器上的文件，攻击者可以读取例如.ASP文件的web脚本的源代码。

source: http://www.securityfocus.com/bid/1245/info

A remote user can gain read and write access on a target machine running Carello shopping cart software.

First, a user may create a duplicate of a known file in a known directory on the target host through add.exe in /scripts/Carello. Accessing http://target/scripts/Carello/add.exe?C:directoryfilename.ext will generate a duplicate file with a "1" appended to the filename (eg. filename.ext1). From here, the remote user would perform a http request of the newly created duplicate file and be able to view the contents of it.

This vulnerability depends on the anonymous internet account having write access to the relevant directories. 

http://target/scripts/Carello/add.exe?C:directoryfilename.ext

来源:BID
名称:1245
链接:http://www.securityfocus.com/bid/1245
来源:BUGTRAQ
名称:20000524Alert:CarelloFileCreationflaw
链接:http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html