Comersus Cart Multiple Vulnerabilities
BID:12362
Info
Comersus Cart Multiple Vulnerabilities
| Bugtraq ID: | 12362 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 25 2005 12:00AM |
| Updated: | Jan 25 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to raf somers <[email protected]>. |
| Vulnerable: |
Comersus Open Technologies Comersus Cart 6.0.1 Comersus Open Technologies Comersus Cart 6.0 Comersus Open Technologies Comersus Cart 5.0 991 Comersus Open Technologies Comersus Cart 5.0 98 Comersus Open Technologies Comersus Cart 5.0 9 |
| Not Vulnerable: |
Comersus Open Technologies Comersus Cart 6.0.2 |
Discussion
Comersus Cart Multiple Vulnerabilities
Comersus Cart is reportedly affected by multiple vulnerabilities. There is a possiblity of gaining administrator access due to a failure of the application to remove an installation script after install. There is the possiblity of SQL injection by passing a malicious HTTP referer header. There are also some possible cross-site scripting issues.
The vendor has addressed these issues in Comersus Cart version 6.0.2; earlier version are reportedly vulnerable.
Comersus Cart is reportedly affected by multiple vulnerabilities. There is a possiblity of gaining administrator access due to a failure of the application to remove an installation script after install. There is the possiblity of SQL injection by passing a malicious HTTP referer header. There are also some possible cross-site scripting issues.
The vendor has addressed these issues in Comersus Cart version 6.0.2; earlier version are reportedly vulnerable.
Exploit / POC
Comersus Cart Multiple Vulnerabilities
No exploit is required for any of the issues.
The following proof of concepts are available for the cross-site scripting issue:
http://www.example.com/comersus/backofficelite/comersus_supportError.asp?error=<script>alert('hi%20mum');</script>
http://www.example.com/comersus/backofficelite/comersus_backofficelite_supportError.asp?error=<script>alert('hi%20mum');</script>
The following proof of concept is available for the SQL injection issue:
GET /comersus/store/default.asp HTTP/1.1
Referer: <SQLCODE HERE>
No exploit is required for any of the issues.
The following proof of concepts are available for the cross-site scripting issue:
http://www.example.com/comersus/backofficelite/comersus_supportError.asp?error=<script>alert('hi%20mum');</script>
http://www.example.com/comersus/backofficelite/comersus_backofficelite_supportError.asp?error=<script>alert('hi%20mum');</script>
The following proof of concept is available for the SQL injection issue:
GET /comersus/store/default.asp HTTP/1.1
Referer: <SQLCODE HERE>
Solution / Fix
Comersus Cart Multiple Vulnerabilities
Solution:
The vendor has addressed these issues in Comersus Cart 6.0.2.
Comersus Open Technologies Comersus Cart 5.0 991
Comersus Open Technologies Comersus Cart 5.0 9
Comersus Open Technologies Comersus Cart 5.0 98
Comersus Open Technologies Comersus Cart 6.0
Comersus Open Technologies Comersus Cart 6.0.1
Solution:
The vendor has addressed these issues in Comersus Cart 6.0.2.
Comersus Open Technologies Comersus Cart 5.0 991
-
Comersus comersus.zip
http://www.comersus.com/download.html
Comersus Open Technologies Comersus Cart 5.0 9
-
Comersus comersus.zip
http://www.comersus.com/download.html
Comersus Open Technologies Comersus Cart 5.0 98
-
Comersus comersus.zip
http://www.comersus.com/download.html
Comersus Open Technologies Comersus Cart 6.0
-
Comersus comersus.zip
http://www.comersus.com/download.html
Comersus Open Technologies Comersus Cart 6.0.1
-
Comersus comersus.zip
http://www.comersus.com/download.html
References
Comersus Cart Multiple Vulnerabilities
References:
References:
- Comersus Cart Homepage (Comersus Open Technologies)
- bug report comersus Back Office Lite 6.0 and 6.0.1 (raf somers