Bugtraq mailing list archives
[HSC Security Group] Comersus v6 Script injection
From: Zinho <zinho () hackerscenter com>
Date: 26 Apr 2005 19:22:14 -0000
Hackers Center Security Group (http://www.hackerscenter.com/) Zinho's Security Advisory Title: Comersus v6 Shopping Cart Sever Script injection Risk: High Comersus is one of the most used Shopping Cart software written in asp, available for *nix and windows platforms. A critical script injection can lead to admin privileges stealing: Proof of concept: By registering on the site with username: " Tommy <script>alert(document.cookie)</script> " the script will be executed in all the pages in which Tommy's account is listed. Among the other also in the admin pages. Being comersus a shopping cart script, this is reported as a high risk level issue Author: Zinho is webmaster and founder of http://www.hackerscenter.com , Security research portal Secure Web Hosting Companies Reviewed: http://www.securityforge.com/web-hosting/secure-web-hosting.asp zinho-no-spam @ hackerscenter.com
Current thread:
- [HSC Security Group] Comersus v6 Script injection Zinho (Apr 27)