comersus ASP shopping cart variable XSS

Tuesday, April 12, 2005
##############################################
comersus ASP shopping cart 'curPage' variable XSS
vendor url: www.comersus.com
advisory url: http://lostmon.blogspot.com/2005/04/comersus-asp-shopping-cart-variable.html
vendor notified: yes    exploit available: yes
OSVDB ID: 15539
BID: 13125
Securitytracker: 1013747
##############################################

Comersus has a flaw that allows a remote cross-site scripting attack.
This flaw exists because the application does not validate the 'curPage'
variable upon submission to the 'comersus_searchItem.asp' script. This
could allow a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship
between the browser and the server, leading to a loss of integrity.

comersus versions:

3.90
4.00
4.14
4.20b
4.23
4.27
4.28
4.29
4.36
4,47
4.051
v6 beta not affected.

solution:

Upgrade to version v6 beta or higher, as it has been reported
to fix this vulnerability. An upgrade is required as there are
no known workarounds.

exploit:

http://[target]/store/comersus_searchItem.asp?strSearch=0&curPage=2">%3Cscript%3Ealert(document.cookie)%3C/script%3E
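To show why the flaw described above exists and how either fix closes it, here is an added Python model of the reflection (not Comersus code, which is classic ASP; the paging-link markup and the server-side behaviour are assumed from the description, and the query string is taken from the proof-of-concept URL above with no host):

```python
import html
import re
from urllib.parse import parse_qs

# Constructed: the query string from the advisory's proof-of-concept URL,
# as the server receives it (host part omitted; no real target involved).
POC_QUERY = ('strSearch=0&curPage=2'
             '">%3Cscript%3Ealert(document.cookie)%3C/script%3E')

def query_params(query: str) -> dict:
    """Decode the query string the way the server's request collection would."""
    return {k: v[0] for k, v in parse_qs(query).items()}

def render_vulnerable(cur_page: str) -> str:
    """Reflects curPage into a paging link unchanged (assumed markup): the flaw."""
    return f'<a href="comersus_searchItem.asp?curPage={cur_page}">next</a>'

def render_encoded(cur_page: str) -> str:
    """Fix 1: HTML-encode on output, including quotes, so the attribute cannot be closed."""
    safe = html.escape(cur_page, quote=True)
    return f'<a href="comersus_searchItem.asp?curPage={safe}">next</a>'

def render_validated(cur_page: str) -> str:
    """Fix 2: a page index must be a positive integer; anything else falls back to page 1."""
    page = int(cur_page) if re.fullmatch(r"[0-9]{1,6}", cur_page) else 1
    return f'<a href="comersus_searchItem.asp?curPage={page}">next</a>'

def script_breaks_out(rendered: str) -> bool:
    """True if the reflected value closed the attribute and opened a script tag."""
    return '"><script>' in rendered

if __name__ == "__main__":
    cur_page = query_params(POC_QUERY)["curPage"]
    print("decoded curPage:", cur_page)
    for name, fn in [("vulnerable", render_vulnerable),
                     ("encoded", render_encoded),
                     ("validated", render_validated)]:
        out = fn(cur_page)
        print(f"{name:10} injected={script_breaks_out(out)}  {out}")
```

Validation is the stronger fix here because a page index has a known shape; output encoding is still worth keeping as defence in depth for every other reflected parameter.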



Thanks to Estrella for being my light.
Thanks to all who support me day after day.

--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Data Mangle of: http://www.osvdb.org
Curiosity is what makes the mind move....