comersusv6.txt

2005-04-17T00:00:00
ID PACKETSTORM:36971
Type packetstorm
Reporter Zinho
Modified 2005-04-17T00:00:00

Description

                                        
                                            `--Alt-Boundary-27163.23868601  
Content-type: text/plain; charset=US-ASCII  
Content-transfer-encoding: 7BIT  
Content-description: Mail message body  
  
Hackers Center Security Group (http://www.hackerscenter.com/)   
Zinho's Security Advisory   
  
  
Title: Comersus v6 Shopping Cart Server Script Injection  
Risk: High   
Date: 3/04/2005   
  
  
Comersus is one of the most widely used shopping cart packages written in ASP, available for   
*nix and Windows platforms.  
  
  
A critical script injection can lead to theft of admin privileges:  
  
Proof of concept: By registering on the site with the username:   
" Tommy <script>alert(document.cookie)</script> "  
  
the script will be executed on every page in which Tommy's account is listed, which   
includes the admin pages.  
Since Comersus is a shopping cart script, this is reported as a high-risk issue.  
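The following is an added example, not code from the advisory or from Comersus, showing the rendering defect described above and its fix: a stored username is written into an account listing once unencoded and once HTML-encoded at the point of output. The username is the advisory's own proof-of-concept value; the row template and all function names are assumptions.

```javascript
// Added example (not from the advisory or Comersus): stored username rendered
// unsafely and safely. POC_USERNAME is the advisory's proof-of-concept value.
const POC_USERNAME = '" Tommy <script>alert(document.cookie)</script> "';

// Minimal HTML entity encoding, the same idea as Server.HTMLEncode in classic ASP.
function htmlEncode(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable rendering (assumed template): the stored username is concatenated
// straight into markup, so whatever was registered runs on every page that
// lists the account, the admin listing included.
function renderCustomerRowUnsafe(username) {
  return `<tr><td>${username}</td></tr>`;
}

// Hardened rendering: encode at output time, independent of any input filtering.
function renderCustomerRowSafe(username) {
  return `<tr><td>${htmlEncode(username)}</td></tr>`;
}

// Defence in depth at registration: reject a username that would change under
// encoding, i.e. one that carries HTML-significant characters.
function isAcceptableUsername(username) {
  return htmlEncode(username) === String(username);
}

// Review/test oracle for this specific payload: a live <script> start tag must
// never survive in rendered output. Not a general XSS detector.
function containsScriptTag(html) {
  return /<script/i.test(html);
}
```

The safe renderer turns the proof-of-concept username into `&quot; Tommy &lt;script&gt;alert(document.cookie)&lt;/script&gt; &quot;`, which the browser displays as text instead of executing.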
  
  
  
Author:   
Zinho is the webmaster and founder of http://www.hackerscenter.com, a security research   
portal.   
Secure Web Hosting Companies Reviewed:   
http://www.securityforge.com/web-hosting/secure-web-hosting.asp   
  
zinho-no-spam @ hackerscenter.com   
  
====>  
Webmaster of  
.:[ Hackers Center : Internet Security Portal]:.  
http://www.hackerscenter.com  
http://www.securityforge.com/web-hosting  