--Alt-Boundary-27163.23868601
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory
Title: Comersus v6 Shopping Cart Sever Script injection
Risk: High
Date: 3/04/2005
Comersus is one of the most used Shopping Cart software written in asp, available for
*nix and windows platforms.
A critical script injection can lead to admin privileges stealing:
Proof of concept: By registering on the site with username:
" Tommy "
the script will be executed in all the pages in which Tommy's account is listed. Among
the other also in the admin pages.
Being comersus a shopping cart script, this is reported as a high risk level issue
Author:
Zinho is webmaster and founder of http://www.hackerscenter.com , Security research
portal
Secure Web Hosting Companies Reviewed:
http://www.securityforge.com/web-hosting/secure-web-hosting.asp
zinho-no-spam @ hackerscenter.com
====>
Webmaster of
.:[ Hackers Center : Internet Security Portal]:.
http://www.hackerscenter.com
http://www.securityforge.com/web-hosting
--Alt-Boundary-27163.23868601
Content-type: text/html; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory
Title: Comersus v6 Shopping Cart Sever Script injection
Risk: High
Date: 3/04/2005
Comersus is one of the most used Shopping Cart software written in asp, available for
*nix and windows platforms.
A critical script injection can lead to admin privileges stealing:
Proof of concept: By registering on the site with username:
" Tommy <script>alert(document.cookie)</script> "
the script will be executed in all the pages in which Tommy's account is listed. Among
the other also in the admin pages.
Being comersus a shopping cart script, this is reported as a high risk level issue
Author:
Zinho is webmaster and founder of http://www.hackerscenter.com , Security research
portal
Secure Web Hosting Companies Reviewed:
http://www.securityforge.com/web-hosting/secure-web-hosting.asp
zinho-no-spam @ hackerscenter.com
====>
Webmaster of
.:[ Hackers Center : Internet Security Portal]:.
http://www.hackerscenter.com
http://www.securityforge.com/web-hosting
--Alt-Boundary-27163.23868601--