Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: e-commerce, shopping carts :: bt653.txt

.netCart information disclusure

ZH2003-9SA (security advisory): .netCart information disclusure

Published: 16/07/2003

Released: 16/07/2003

Name: .netCart

Affected Systems: All versions (?) 

Issue: Remote attackers can obtain admin information (including passwords)




Zone-h Security Team has discovered a serious security flaw in 

.netCart current version (and older versions?). ".netCART is a full 

featured ecommerce and shopping cart component designed for ASP.NET.  

This product provides a complete ecommerce solution for ASP.NET."



.netCART is designed for ASP.NET, so it works with xml files. It's 

possible to retrieve the source of one of this file with admin

information. Then it's possible to login in such service like,, with these informations and

it's possible to see many more information from there.

The file with this problem is here:



The vendor has been contacted and a patch is not yet produced



Protect this file.

G00db0y - admin

Original advisory here:

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH