##############################################
comersus ASP shopping cart 'curPage' variable XSS
vendor url: www.comersus.com
advisore url:http://lostmon.blogspot.com/2005/04/
comersus-asp-shopping-cart-variable.html
vendor notified : yes exploit avaible: yes
OSVDB ID:15539
BID : 13125
Securitytracker: 1013747
##############################################
comersus has a flaw that allows a remote cross site scripting attack.
This flaw exists because the application does not validate 'curpage'
variable upon submission to 'comersus_searchItem.asp' script.This
could allow a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship
between the browser and the server,leading to a loss of integrity.
comersus versions:
3.90
4.00
4.14
4.20b
4.23
4.27
4.28
4.29
4.36
4,47
4.051
v6 beta not afected.
solution:
Upgrade to version v6 beta or higher, as it has been reported
to fix this vulnerability.An upgrade is required as there are
no known workarounds.
exploit:
http://[target]/store/comersus_searchItem.asp?strSearch=0&curPage=2
">%3Cscript%3Ealert(document.cookie)%3C/script%3E
thnx to estrella to be my ligth
thnx to all,day after day support me
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Data Mangle of: http://www.osvdb.org
La curiosidad es lo que hace mover la mente....