Home » Hacking News » MidiCart Shopping Cart Software database vulnerability

MidiCart Shopping Cart Software database vulnerability

by Nikola Strahija on August 11th, 2002 MIDICART is s an ASP and PHP based shopping Cart application with MS Access and SQL database. A security vulnerability in the product allows remote attackers to download the product's database, thus gain access to sensitive information about users of the product (name, surname, address, e-mail, phone number, credit card number, and company name).

Example:
Accessing the following URL will return the database used by the product:
http://someshope.com/shoppingdirectory/midicart.mdb

Additional information
The information has been provided by Dimitri Sekhniashvili (CONTRABANDA)
E-mail: [email protected]

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Users login

JOIN XATRIX

MidiCart Shopping Cart Software database vulnerability

Related articles

Advisories

Vulnerabilities

From the forum

Newsletter signup

Free E-books

Contact