Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: e-commerce, shopping carts :: web5621.htm

Midicart remote database download



12th Aug 2002 [SBWID-5621]
COMMAND

	Midicart remote database download

SYSTEMS AFFECTED

	Midicart ?

PROBLEM

	Dimitri Sekhniashvili [contrabanda@wanex.ge] says :
	

	MIDICART is an ASP and PHP  based  shopping  Cart  application  with  MS
	Access and SQL database. A security vulnerability in the product  allows
	remote attackers to download the product's database,  thus  gain  access
	to sensitive information about users  of  the  product  (name,  surname,
	address, e-mail, phone number, credit card number,  and  company  name).
	Example: Accessing the following URL will return the  database  used  by
	the product:
	

	http://someshope.com/shoppingdirectory/midicart.mdb

	

SOLUTION

	?


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH