
Midicart remote database download

12th Aug 2002 [SBWID-5621]
COMMAND

	Midicart remote database download

SYSTEMS AFFECTED

	Midicart ?

PROBLEM

	Dimitri Sekhniashvili [contrabanda@wanex.ge] says:
	

	MIDICART is an ASP and PHP based shopping Cart application with MS
	Access and SQL database. A security vulnerability in the product allows
	remote attackers to download the product's database, thus gaining access
	to sensitive information about users of the product (name, surname,
	address, e-mail, phone number, credit card number, and company name).
	Example: Accessing the following URL will return the database used by
	the product:
	

	http://someshope.com/shoppingdirectory/midicart.mdb
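
Added example, not part of the original advisory or of Midicart: a log check that reports requests where the web server actually served an .mdb file, which is how an operator can tell whether the database has already been downloaded. It assumes IIS W3C extended logs with a #Fields header; the sample log lines, addresses and the /shop/ path are constructed.

```python
from urllib.parse import unquote

# MS Access data file extension; .mdb is the one named in the advisory.
DB_EXTENSIONS = (".mdb",)
# Status codes meaning file content was sent (full or partial response).
SERVED = {"200", "206"}

# Constructed sample in W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-bytes
2002-08-12 10:01:07 192.0.2.10 GET /shop/default.asp 200 5120
2002-08-12 10:01:09 192.0.2.77 GET /shop/midicart.mdb 200 1048576
2002-08-12 10:02:30 192.0.2.77 GET /shop/MIDICART%2Emdb 206 524288
2002-08-12 10:03:11 198.51.100.4 GET /shop/midicart.mdb 404 0
2002-08-12 10:04:00 198.51.100.4 GET /shop/item.asp 200 2048
"""

def find_db_downloads(log_text):
    """Return one dict per request where a database file was served."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column order is declared in the log itself; do not hard-code it.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated entry
        row = dict(zip(fields, values))
        # Decode %xx escapes and fold case so encoded variants still match.
        path = unquote(row.get("cs-uri-stem", "")).lower()
        if path.endswith(DB_EXTENSIONS) and row.get("sc-status") in SERVED:
            size = row.get("sc-bytes", "0")
            hits.append({
                "when": row.get("date", "") + " " + row.get("time", ""),
                "client": row.get("c-ip"),
                "path": path,
                "bytes": int(size) if size.isdigit() else 0,
            })
    return hits

if __name__ == "__main__":
    for hit in find_db_downloads(SAMPLE_LOG):
        print(hit)
```

Any hit means the data in that file should be treated as disclosed; the 404 line in the sample is a probe that did not succeed and is deliberately not reported.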

	

SOLUTION

	?
