Bugtraq mailing list archives
MidiCart Shopping Cart Software database vulnerability
From: Dimitri Sekhniashvili <contrabanda () wanex ge>
Date: 7 Aug 2002 08:22:51 -0000
Summary MIDICART is s an ASP and PHP based shopping Cart application with MS Access and SQL database. A security vulnerability in the product allows remote attackers to download the product's database, thus gain access to sensitive information about users of the product (name, surname, address, e-mail, phone number, credit card number, and company name). Example: Accessing the following URL will return the database used by the product: http://someshope.com/shoppingdirectory/midicart.mdb Additional information The information has been provided by Dimitri Sekhniashvili (CONTRABANDA) E-mail: contrabanda () wanex ge
Current thread:
- MidiCart Shopping Cart Software database vulnerability Dimitri Sekhniashvili (Aug 10)