Comersus version 6 Shopping Cart is susceptible to cross site scripting attacks.
016e21a656961c3dd61b8501984a55c0eeda3e734aba42f5f209464234146435--Alt-Boundary-27163.23868601
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory
Title: Comersus v6 Shopping Cart Sever Script injection
Risk: High
Date: 3/04/2005
Comersus is one of the most used Shopping Cart software written in asp, available for
*nix and windows platforms.
A critical script injection can lead to admin privileges stealing:
Proof of concept: By registering on the site with username:
" Tommy <script>alert(document.cookie)</script> "
the script will be executed in all the pages in which Tommy's account is listed. Among
the other also in the admin pages.
Being comersus a shopping cart script, this is reported as a high risk level issue
Author:
Zinho is webmaster and founder of http://www.hackerscenter.com , Security research
portal
Secure Web Hosting Companies Reviewed:
http://www.securityforge.com/web-hosting/secure-web-hosting.asp
zinho-no-spam @ hackerscenter.com
====>
Webmaster of
.:[ Hackers Center : Internet Security Portal]:.
http://www.hackerscenter.com
http://www.securityforge.com/web-hosting
--Alt-Boundary-27163.23868601
Content-type: text/html; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
<?xml version="1.0" ?><html>
<head>
<title></title>
</head>
<body>
<div align="left"><font face="Arial"><span style="font-size:10pt">Hackers Center Security Group (</span></font><font face="Arial" color="#0000ff"><span style="font-size:10pt"><u>http://www.hackerscenter.com/</u>)</span></font><font
face="Arial"><span style="font-size:10pt"> </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Zinho's Security Advisory </span></font></div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Title: Comersus v6 Shopping Cart Sever Script injection</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Risk: High </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Date: 3/04/2005 </span></font></div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Comersus is one of the most used Shopping Cart software written in asp, available for
*nix and windows platforms.</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">A critical script injection can lead to admin privileges stealing:</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Proof of concept: By registering on the site with username: </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">" Tommy <script>alert(document.cookie)</script> "</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">the script will be executed in all the pages in which Tommy's account is listed. Among
the other also in the admin pages.</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Being comersus a shopping cart script, this is reported as a high risk level issue</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Author: </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Zinho is webmaster and founder of </span></font><font face="Arial" color="#008000"><span style="font-size:10pt"><u>http://www.hackerscenter.com</u></span></font><font
face="Arial"><span style="font-size:10pt"> , Security research
portal </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Secure Web Hosting Companies Reviewed: </span></font></div>
<div align="left"><font face="Arial" color="#008000"><span style="font-size:10pt"><u>http://www.securityforge.com/web-hosting/secure-web-hosting.asp</u></span></font><font face="Arial"><span
style="font-size:10pt"> </span></font></div>
<div align="left"><br/></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">zinho-no-spam @ hackerscenter.com </span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">====></span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Webmaster of</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">.:[ Hackers Center : Internet Security Portal]:.</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">http://www.hackerscenter.com</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">http://www.securityforge.com/web-hosting</span></font></div>
<div align="left"><br/>
</div>
<div align="left"></div>
</body>
</html>
--Alt-Boundary-27163.23868601--
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed