OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Tacettin Karadeniz (tacettinkaradenizyahoo.com)
Date: Tue Jun 18 2002 - 06:20:48 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Summary
    MetaCart2.sql is an ASP based shopping Cart
    application with SQL database. A security
    vulnerability in the product allows attackers to
    access the database used for storing user provided
    data (Credit cart numbers, Names, Surnames, Addresses,
    E-mails, etc).

     
    Details Exploit:
    Accessing any of the following URL will return the
    database used by the
    product:
    http://xxxshop/database/metacart.mdb
    http://xxxshop/metacart/database/metacart.mdb

    __________________________________________________
    Do You Yahoo!?
    Yahoo! - Official partner of 2002 FIFA World Cup
    http://fifaworldcup.yahoo.com