[26620] in bugtraq
MidiCart Shopping Cart Software database vulnerability
daemon@ATHENA.MIT.EDU (Dimitri Sekhniashvili)
Sat Aug 10 21:29:36 2002
Date: 7 Aug 2002 08:22:51 -0000
Message-ID: <20020807082251.27496.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Dimitri Sekhniashvili <contrabanda@wanex.ge>
To: bugtraq@securityfocus.com
Summary
MIDICART is an ASP and PHP based shopping cart application with MS
Access and SQL database.
A security vulnerability in the product allows remote attackers to
download the product's database and thus gain access to sensitive
information about users of the product (name, surname, address, e-mail,
phone number, credit card number, and company name).
Example:
Accessing the following URL will return the database used by the product:
http://someshope.com/shoppingdirectory/midicart.mdb
Additional information
The information has been provided by Dimitri Sekhniashvili (CONTRABANDA)
E-mail: contrabanda@wanex.ge
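
Added example (not part of the original advisory): a log check a site operator can run to see whether a database file such as midicart.mdb has already been served to a client. It assumes the web server writes Combined Log Format; the sample lines, addresses and the function name find_db_downloads are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed format: host ident user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
DB_EXTENSIONS = (".mdb",)  # extend for other file-based databases if needed

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Aug/2002:08:20:01 +0000] "GET /shoppingdirectory/default.asp HTTP/1.0" 200 5120
192.0.2.44 - - [07/Aug/2002:08:21:13 +0000] "GET /shoppingdirectory/midicart.mdb HTTP/1.0" 200 1482752
192.0.2.44 - - [07/Aug/2002:08:21:40 +0000] "GET /shoppingdirectory/MIDICART%2EMDB?x=1 HTTP/1.0" 206 65536
192.0.2.77 - - [07/Aug/2002:08:25:02 +0000] "GET /shop/midicart.mdb HTTP/1.0" 404 312
192.0.2.10 - - [07/Aug/2002:08:26:10 +0000] "GET /shoppingdirectory/item.asp?file=a.mdb HTTP/1.0" 200 2048
"""

def find_db_downloads(log_text):
    """Return (served, probed): requests for database files that returned
    content (2xx) versus requests that were refused or missed."""
    served, probed = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        # Look only at the path: drop the query string, then decode %XX escapes.
        path = unquote(urlsplit(m["target"]).path).lower()
        if not path.endswith(DB_EXTENSIONS):
            continue
        hit = {"host": m["host"], "time": m["time"], "path": path,
               "status": int(m["status"]),
               "bytes": 0 if m["size"] == "-" else int(m["size"])}
        (served if 200 <= hit["status"] < 300 else probed).append(hit)
    return served, probed

if __name__ == "__main__":
    served, probed = find_db_downloads(SAMPLE_LOG)
    for h in served:
        print("SERVED", h["host"], h["time"], h["path"], h["bytes"])
    for h in probed:
        print("probe ", h["host"], h["time"], h["path"], h["status"])
```

Any entry in the served list means the database contents should be treated as disclosed; the lasting fix is to keep the .mdb file outside the web-served directory or have the server refuse requests for that extension.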