Bugtraq mailing list archives
Metacart vuln.
From: Tacettin Karadeniz <tacettinkaradeniz () yahoo com>
Date: Tue, 18 Jun 2002 04:20:48 -0700 (PDT)
Summary MetaCart2.sql is an ASP based shopping Cart application with SQL database. A security vulnerability in the product allows attackers to access the database used for storing user provided data (Credit cart numbers, Names, Surnames, Addresses, E-mails, etc). Details Exploit: Accessing any of the following URL will return the database used by the product: http://xxxshop/database/metacart.mdb http://xxxshop/metacart/database/metacart.mdb __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com
Current thread:
- Metacart vuln. Tacettin Karadeniz (Jun 18)