OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Dimitri Sekhniashvili (contrabanda_at_wanex.ge)
Date: Wed Aug 07 2002 - 03:22:51 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ('binary' encoding is not supported, stored as-is) Summary
    MIDICART is s an ASP and PHP based shopping Cart application with MS
    Access and SQL database.
    A security vulnerability in the product allows remote attackers to
    download the product's
    database, thus gain access to sensitive information about users of the
    product
    (name, surname, address, e-mail, phone number, credit card number, and
    company name).
    Example:
    Accessing the following URL will return the database used by the product:
    http://someshope.com/shoppingdirectory/midicart.mdb

    Additional information
    The information has been provided by Dimitri Sekhniashvili (CONTRABANDA)
    E-mail: contrabandawanex.ge