.netCART Settings.XML - Information Disclosure

2003-07-16T00:00:00
ID EXPLOITPACK:49EFA0E620A69CEFABA0FD9B272B98EB
Type exploitpack
Reporter G00db0y
Modified 2003-07-16T00:00:00

Description

.netCART Settings.XML - Information Disclosure

                                        
                                            source: https://www.securityfocus.com/bid/8210/info

.netCART is a web based e-commerce and shopping cart site designed for ASP.NET.

It has been alleged that .netCART fails to adequately protect the contents of a directory in a default install. It is therefore reportedly possible for remote users to request the an XML file from this directory. This could expose sensitive information stored in this file, including authentication credentials to remote attackers.

Information collected in this manner may be used to aid in further attacks launched against the vulnerable system.

http://www.example.com/Data/settings.xml