Home page logo
/

bugtraq logo Bugtraq mailing list archives

Metacart vuln.
From: Tacettin Karadeniz <tacettinkaradeniz () yahoo com>
Date: Tue, 18 Jun 2002 04:20:48 -0700 (PDT)

Summary 
MetaCart2.sql is an ASP based shopping Cart
application with SQL database. A security
vulnerability in the product allows attackers to
access the database used for storing user provided
data (Credit cart numbers, Names, Surnames, Addresses,
E-mails, etc).

 
Details Exploit:
Accessing any of the following URL will return the
database used by the 
product:
http://xxxshop/database/metacart.mdb
http://xxxshop/metacart/database/metacart.mdb


__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com


  By Date           By Thread  

Current thread:
  • Metacart vuln. Tacettin Karadeniz (Jun 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]