Metacart vuln.

From: Tacettin Karadeniz (tacettinkaradenizat_private)
Date: Tue Jun 18 2002 - 04:20:48 PDT


    Summary
    MetaCart2.sql is an ASP-based shopping cart
    application with SQL database. A security
    vulnerability in the product allows attackers to
    access the database used for storing user-provided
    data (credit card numbers, names, surnames, addresses,
    e-mails, etc.).
    
     
    Details Exploit:
    Accessing any of the following URLs will return the
    database used by the product:
    http://xxxshop/database/metacart.mdb
    http://xxxshop/metacart/database/metacart.mdb
    
    
    



    This archive was generated by hypermail 2b30 : Tue Jun 18 2002 - 06:40:25 PDT
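A defender's check for the exposure reported above, as an added example that is not part of the original post: it scans IIS W3C extended log text for requests where a `.mdb` file was actually served. The sample log lines, client addresses and the `find_mdb_downloads` helper name are constructed for illustration; the field names are the standard W3C extended log fields.

```python
"""Flag successful downloads of Access database files in IIS W3C extended logs."""
from urllib.parse import unquote

# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-bytes
2002-06-18 11:20:48 192.0.2.10 GET /default.asp 200 5120
2002-06-18 11:21:02 198.51.100.7 GET /database/metacart.mdb 200 1323008
2002-06-18 11:21:09 198.51.100.7 GET /metacart/database/metacart.mdb 404 3387
2002-06-18 11:25:40 203.0.113.5 GET /Database/MetaCart.MDB 206 65536
2002-06-18 11:26:00 192.0.2.10 GET /images/logo.gif 200 2048
"""

# Status codes that mean file content left the server (full or partial).
SERVED = {"200", "206"}


def find_mdb_downloads(log_text, extensions=(".mdb",)):
    """Return log records where a database file was served to a client."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The column layout can change mid-file; always use the latest one.
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated entry
        rec = dict(zip(fields, values))
        # Normalise case and percent-encoding before matching the extension.
        stem = unquote(rec.get("cs-uri-stem", "")).lower()
        if stem.endswith(extensions) and rec.get("sc-status") in SERVED:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for r in find_mdb_downloads(SAMPLE_LOG):
        print(r["date"], r["time"], r["c-ip"], r["cs-uri-stem"],
              r["sc-status"], r.get("sc-bytes", "-"))
```

A hit means the database file was delivered to the listed client; the 404 entry shows a probe that did not succeed and is deliberately not reported.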