Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » MidiCart Shopping Cart Software database vulnerability

MidiCart Shopping Cart Software database vulnerability

by Nikola Strahija on August 11th, 2002 MIDICART is s an ASP and PHP based shopping Cart application with MS Access and SQL database. A security vulnerability in the product allows remote attackers to download the product's database, thus gain access to sensitive information about users of the product (name, surname, address, e-mail, phone number, credit card number, and company name).


Example:
Accessing the following URL will return the database used by the product:
http://someshope.com/shoppingdirectory/midicart.mdb

Additional information
The information has been provided by Dimitri Sekhniashvili (CONTRABANDA)
E-mail: [email protected]


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »