comersus ASP shopping cart variable XSS

2013 年 10 月 17 日4680

##############################################
comersus ASP shopping cart 'curPage' variable XSS
vendor url: http://www.zjjv.com/ersus.com
advisore url:http://http://www.zjjv.com///2005/04/
comersus-asp-shopping-cart-variable.html
vendor notified : yes exploit avaible: yes
OSVDB ID:15539
BID : 13125
Securitytracker: 1013747
##############################################

comersus has a flaw that allows a remote cross site scripting attack.
This flaw exists because the application does not validate 'curpage'
variable upon submission to 'comersus_searchItem.asp' script.This
could allow a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship
between the browser and the server,leading to a loss of integrity.

comersus versions:

3.90
4.00
4.14
4.20b
4.23
4.27
4.28
4.29
4.36
4,47
4.051
v6 beta not afected.

solution:

Upgrade to version v6 beta or higher, as it has been reported
to fix this vulnerability.An upgrade is required as there are
no known workarounds.

exploit:

http://[target]/store/comersus_searchItem.asp?strSearch=0&curPage=2
">%3Cscript%3Ealert(document.cookie)%3C/script%3E

thnx to estrella to be my ligth
thnx to all,day after day support me

--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://http://www.zjjv.com///
Data Mangle of: http://http://www.zjjv.com//
La curiosidad es lo que hace mover la mente....

0 0