Exploitation Summary
EIP tracks 1 public exploit for CVE-1999-1069. PoCs published by Mikael Johansson.
AI-analyzed exploit summary The vulnerability in iCat Electronic Commerce Suite's Carbo Server component allows directory traversal via malformed HTTP requests, enabling unauthorized file access. The provided example demonstrates how an attacker can retrieve arbitrary files by manipulating the 'icatcommand' parameter.
Description
Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the icatcommand parameter.
Exploits (1)
The vulnerability in iCat Electronic Commerce Suite's Carbo Server component allows directory traversal via malformed HTTP requests, enabling unauthorized file access. The provided example demonstrates how an attacker can retrieve arbitrary files by manipulating the 'icatcommand' parameter.