Team Asylum has discovered a vulnerability that exists in iHTML Merchant which would allow a malicious hacker to (at the very least) view the protected files in the website's administrative section, giving the attacker the ability to view credit card information. If the iHTML Merchant is being run on Windows 95/98/NT the vulnerability is much more severe. The vulnerability exists in how iHTML Merchant parses code. The attacker could: 1) Delete any file on the server 2) Write a file to any folder on the server. 3) Upload a trojan. 4) Steal credit card numbers, and other hidden information. If the iHTML Merchant is being run on UNIX, the possibility exists that the web site could be altered. These findings reflect the default settings for 95/98/NT and iHTML Merchant.
b1646822c7aa0f1604e4beccd66d0c27cb5d8c69f72132694bb5424c97673a8f