Vulners
Lucene search
comersusv6.txt
`--Alt-Boundary-27163.23868601
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory
Title: Comersus v6 Shopping Cart Sever Script injection
Risk: High
Date: 3/04/2005
Comersus is one of the most used Shopping Cart software written in asp, available for
*nix and windows platforms.
A critical script injection can lead to admin privileges stealing:
Proof of concept: By registering on the site with username:
" Tommy <script>alert(document.cookie)</script> "
the script will be executed in all the pages in which Tommy's account is listed. Among
the other also in the admin pages.
Being comersus a shopping cart script, this is reported as a high risk level issue
Author:
Zinho is webmaster and founder of http://www.hackerscenter.com , Security research
portal
Secure Web Hosting Companies Reviewed:
http://www.securityforge.com/web-hosting/secure-web-hosting.asp
zinho-no-spam @ hackerscenter.com
====>
Webmaster of
.:[ Hackers Center : Internet Security Portal]:.
http://www.hackerscenter.com
http://www.securityforge.com/web-hosting
--Alt-Boundary-27163.23868601
Content-type: text/html; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
<?xml version="1.0" ?><html>
<head>
<title></title>
</head>
<body>
<div align="left"><font face="Arial"><span style="font-size:10pt">Hackers Center Security Group (</span></font><font face="Arial" color="#0000ff"><span style="font-size:10pt"><u>http://www.hackerscenter.com/</u>)</span></font><font
face="Arial"><span style="font-size:10pt"> </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Zinho's Security Advisory </span></font></div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Title: Comersus v6 Shopping Cart Sever Script injection</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Risk: High </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Date: 3/04/2005 </span></font></div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Comersus is one of the most used Shopping Cart software written in asp, available for
*nix and windows platforms.</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">A critical script injection can lead to admin privileges stealing:</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Proof of concept: By registering on the site with username: </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">" Tommy <script>alert(document.cookie)</script> "</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">the script will be executed in all the pages in which Tommy's account is listed. Among
the other also in the admin pages.</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Being comersus a shopping cart script, this is reported as a high risk level issue</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Author: </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Zinho is webmaster and founder of </span></font><font face="Arial" color="#008000"><span style="font-size:10pt"><u>http://www.hackerscenter.com</u></span></font><font
face="Arial"><span style="font-size:10pt"> , Security research
portal </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Secure Web Hosting Companies Reviewed: </span></font></div>
<div align="left"><font face="Arial" color="#008000"><span style="font-size:10pt"><u>http://www.securityforge.com/web-hosting/secure-web-hosting.asp</u></span></font><font face="Arial"><span
style="font-size:10pt"> </span></font></div>
<div align="left"><br/></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">zinho-no-spam @ hackerscenter.com </span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">====></span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Webmaster of</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">.:[ Hackers Center : Internet Security Portal]:.</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">http://www.hackerscenter.com</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">http://www.securityforge.com/web-hosting</span></font></div>
<div align="left"><br/>
</div>
<div align="left"></div>
</body>
</html>
--Alt-Boundary-27163.23868601--
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Apr 2005 00:00Current
7.4High risk
Vulners AI Score7.4