NCR Terminal Handler
cpe:2.3:a:ncr:terminal_handler:*:*:*:*:*:*:*
- 1.5.1
A vulnerability in NCR Terminal Handler version 1.5.1 allows remote attackers to execute arbitrary code and access sensitive information. The issue is triggered by sending a GET request to the UserService SOAP API endpoint, which checks whether a user exists. For a valid username, the response includes all of that user's profile information, including administrative details; for an invalid username, it returns a 'User does not exist' message.
Exploitation of this vulnerability allows for arbitrary code execution on the server and unauthorized access to sensitive user information, potentially including administrative data.
To reproduce this vulnerability, send a GET request to the UserService SOAP API endpoint with a valid username. The server will respond with the user's profile information. For an invalid username, the response will indicate that the user does not exist.