[HSC Security Group] Comersus v6 Script injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [HSC Security Group] Comersus v6 Script injection
From: Zinho <zinho@xxxxxxxxxxxxxxxxx>
Date: 26 Apr 2005 19:22:14 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Hackers Center Security Group (http://www.hackerscenter.com/)      
Zinho's Security Advisory       


Title: Comersus v6 Shopping Cart Sever Script injection 
Risk: High    
    


Comersus is one of the most used Shopping Cart software written in asp, 
available for  *nix and windows platforms. 


A critical script injection can lead to admin privileges stealing: 

Proof of concept: By registering on the site with username:  
" Tommy &lt;script&gt;alert(document.cookie)&lt;/script&gt; " 

the script will be executed in all the pages in which Tommy's account is 
listed. Among  the other also in the admin pages. 
Being comersus a shopping cart script, this is reported as a high risk level 
issue 



Author:       
Zinho is webmaster and founder of http://www.hackerscenter.com ,   Security 
research    portal     
Secure Web Hosting Companies Reviewed:    
http://www.securityforge.com/web-hosting/secure-web-hosting.asp    

zinho-no-spam @ hackerscenter.com

Prev by Date: Black Hat USA 2005 Reminder CFP closing soon!
Next by Date: myPHP Forum v3 (possible v1 & 2 also) Identification 'spoof'
Previous by thread: Black Hat USA 2005 Reminder CFP closing soon!
Next by thread: myPHP Forum v3 (possible v1 & 2 also) Identification 'spoof'
Index(es):
- Date
- Thread