-
August 9th, 2002, 01:08 PM
#1
Junior Member
MidiCart Shopping Cart Software database vulnerability
MIDICART is s an ASP and PHP based shopping Cart application with MS Access and SQL database.
A security vulnerability in the product allows remote attackers to download the product's
database, thus gain access to sensitive information about users of the product
(name, surname, address, e-mail, phone number, credit card number, and company name).
Example:
Accessing the following URL will return the database used by the product:
http://someshope.com/shoppingdirectory/midicart.mdb
Additional information
The information has been provided by Dimitri Sekhniashvili (CONTRABANDA)
E-mail: contrabanda@wanex.ge
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|