source: http://www.securityfocus.com/bid/8210/info

.netCART is a web based e-commerce and shopping cart site designed for ASP.NET.

It has been alleged that .netCART fails to adequately protect the contents of a directory in a default install. It is therefore reportedly possible for remote users to request the an XML file from this directory. This could expose sensitive information stored in this file, including authentication credentials to remote attackers.

Information collected in this manner may be used to aid in further attacks launched against the vulnerable system.

http://www.example.com/Data/settings.xml