It's possible to obtain full user's database in file midicart.mdb.
vulners.com/securityvulns/securityvulns:doc:3346