Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Metacart vuln.

From: Tacettin Karadeniz <tacettinkaradeniz () yahoo com>
Date: Tue, 18 Jun 2002 04:20:48 -0700 (PDT)
Summary 
MetaCart2.sql is an ASP based shopping Cart
application with SQL database. A security
vulnerability in the product allows attackers to
access the database used for storing user provided
data (Credit cart numbers, Names, Surnames, Addresses,
E-mails, etc).

 
Details Exploit:
Accessing any of the following URL will return the
database used by the 
product:
http://xxxshop/database/metacart.mdb
http://xxxshop/metacart/database/metacart.mdb


__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com
Previous By Date Next
Previous By Thread Next

Current thread: