SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Commerce)  >   Comersus Vendors:   Comersus Open Technologies
Comersus Input Validation Hole in 'username' Field Lets Remote Users Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1013634
SecurityTracker URL:  http://securitytracker.com/id/1013634
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 4 2005
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Exploit Included:  Yes  
Version(s): 6
Description:   Zinho from Hackers Center Security Group reported a vulnerability in Comersus in the 'username' field. A remote user can conduct cross-site scripting attacks.

A remote user can register on the site with a specially crafted username. Then, when the target administrator views a page that lists the accounts, arbitrary scripting code will be executed by the target administrator's browser. The code will originate from the site running the vulnerable software and will run in the security context of that site. As a result, the code will be able to access the target administrator's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target administrator via web form to the site, or take actions on the site acting as the target administrator.

A demonstration exploit value is provided (in quotes):

" Tommy <script>alert(document.cookie)</script> "

Impact:   A remote user can access the target administrator's cookies (including authentication cookies), if any, associated with the site running the Comersus software, access data recently submitted by the target administrator via web form to the site, or take actions on the site acting as the target administrator.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.comersus.org/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [HSC Security Group] Comersus v6 Script injection


Hackers Center Security Group (http://www.hackerscenter.com/)     
Zinho's Security Advisory      


Title: Comersus v6 Shopping Cart Sever Script injection
Risk: High   
Date: 3/04/2005     


Comersus is one of the most used Shopping Cart software written in asp, available for 
*nix and windows platforms.


A critical script injection can lead to admin privileges stealing:

Proof of concept: By registering on the site with username: 
" Tommy <script>alert(document.cookie)</script> "

the script will be executed in all the pages in which Tommy's account is listed. Among 
the other also in the admin pages.
Being comersus a shopping cart script, this is reported as a high risk level issue



Author:      
Zinho is webmaster and founder of http://www.hackerscenter.com ,   Security research   
portal    
Secure Web Hosting Companies Reviewed:   
http://www.securityforge.com/web-hosting/secure-web-hosting.asp   

zinho-no-spam @ hackerscenter.com 

====>
Webmaster of
.:[ Hackers Center : Internet Security Portal]:.
http://www.hackerscenter.com
http://www.securityforge.com/web-hosting
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC