‘A-CART Database Exposure’


A-CART is an ASP shopping cart application written in VBScript. It is comprised of a number of ASP scripts and an Access database.

A security vulnerability in the product allows remote attackers to download the product’s database, thus gain access to sensitive information about users of the product (name, surname, address, e-mail, credit card number, and user’s login-password).’


‘The information has been provided by Tacettin Karadeniz.’


Accessing the following URL will return the database used by the product:

Once you have created the DSN, you need to tell A-CART its name. This can be done by editing the line in db.asp, which says:
strConn = ‘acart2_0’

Change ‘acart2_0′ to the name of the DSN you have created.’

Categories: Windows