[HSC Security Group] Comersus v6 Script injection

From: Zinho (zinho_at_hackerscenter.com)
Date: 04/26/05

Next message: Terencentanio Enache: "myPHP Forum v3 (possible v1 & 2 also) Identification 'spoof'"

Previous message: Jeff Moss: "Black Hat USA 2005 Reminder CFP closing soon!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 26 Apr 2005 19:22:14 -0000
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is)

Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory

Title: Comersus v6 Shopping Cart Sever Script injection
Risk: High

Comersus is one of the most used Shopping Cart software written in asp, available for *nix and windows platforms.

A critical script injection can lead to admin privileges stealing:

Proof of concept: By registering on the site with username:
" Tommy <script>alert(document.cookie)</script> "

the script will be executed in all the pages in which Tommy's account is listed. Among the other also in the admin pages.
Being comersus a shopping cart script, this is reported as a high risk level issue

Author:
Zinho is webmaster and founder of http://www.hackerscenter.com , Security research portal
Secure Web Hosting Companies Reviewed:
http://www.securityforge.com/web-hosting/secure-web-hosting.asp

zinho-no-spam @ hackerscenter.com

Next message: Terencentanio Enache: "myPHP Forum v3 (possible v1 & 2 also) Identification 'spoof'"

Previous message: Jeff Moss: "Black Hat USA 2005 Reminder CFP closing soon!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]