‘A-CART Database Exposure’
‘A-CART is an ASP shopping cart application written in VBScript. It is comprised of a number of ASP scripts and an Access database.
A security vulnerability in the product allows remote attackers to download the product’s database, thus gain access to sensitive information about users of the product (name, surname, address, e-mail, credit card number, and user’s login-password).’
‘The information has been provided by Tacettin Karadeniz.’
Accessing the following URL will return the database used by the product:
Once you have created the DSN, you need to tell A-CART its name. This can be done by editing the line in db.asp, which says:
strConn = ‘acart2_0’
Change ‘acart2_0′ to the name of the DSN you have created.’