[25842] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Metacart vuln.

daemon@ATHENA.MIT.EDU (Tacettin Karadeniz)
Tue Jun 18 09:45:26 2002

Message-ID: <20020618112048.64710.qmail@web21308.mail.yahoo.com>
Date: Tue, 18 Jun 2002 04:20:48 -0700 (PDT)
From: Tacettin Karadeniz <tacettinkaradeniz@yahoo.com>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Summary 
MetaCart2.sql is an ASP based shopping Cart
application with SQL database. A security
vulnerability in the product allows attackers to
access the database used for storing user provided
data (Credit cart numbers, Names, Surnames, Addresses,
E-mails, etc).

Details Exploit:
Accessing any of the following URL will return the
database used by the 
product:
http://xxxshop/database/metacart.mdb
http://xxxshop/metacart/database/metacart.mdb

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[25842] in bugtraq

Metacart vuln.

daemon@ATHENA.MIT.EDU (Tacettin Karadeniz)Tue Jun 18 09:45:26 2002

daemon@ATHENA.MIT.EDU (Tacettin Karadeniz)
Tue Jun 18 09:45:26 2002