NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2002-06

From: Tacettin Karadeniz (tacettinkaradenizyahoo.com)
Date: Tue Jun 18 2002 - 06:20:48 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Summary
MetaCart2.sql is an ASP based shopping Cart
application with SQL database. A security
vulnerability in the product allows attackers to
access the database used for storing user provided
data (Credit cart numbers, Names, Surnames, Addresses,
E-mails, etc).

Details Exploit:
Accessing any of the following URL will return the
database used by the
product:
http://xxxshop/database/metacart.mdb
http://xxxshop/metacart/database/metacart.mdb

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]