$Id: bosen-adv.6,v1 24/06/2003 bosen Exp $

1ndonesian Security Team (1st)
Bosen Advisory #6
Comersus XSS Vulnerability
24/06/2003

[1st] Comersus XSS Vulnerability
_______________________________________________________________________________

1ndonesian Security Team (1st)
http://bosen.net/releases/
==============================================================================================

Security Advisory

Advisory Name:  Comersus XSS Vulnerability
Release Date:   06/21/2003
Application:    Comersus 4.29
Platform:       Win32
Severity:       Medium
Bug Type:       XSS
Author:         Bosen
Discovered by:  Bosen
Vendor Status:  See below.
Vendor URL:     http://www.comersus.com/
Reference:      http://bosen.net/releases/

Overview:

Comersus is a sophisticated e-commerce (shopping cart) system resulting from research and experience accumulated through years of work in electronic commerce strategies. The commercial implementation of the system was accomplished in the year 2000, in Open Source mode.

Details:

The bug lies in the error message handling of comersus_message.asp. The value of the message query-string parameter is echoed back into the error page without being filtered or HTML-encoded, which allows an attacker to inject script into the page (reflected cross-site scripting). A victim who follows a crafted link to a site running the shopping cart has the injected script executed in their browser in the context of that site.

Exploit:

http://[target_site_with_shopping_cart_installed]/comersus_message.asp?message=

Vendor Response:

Not contacted. Not high risk.

Recommendation:

No recommendation for this.

1ndonesian Security Team (1st)
Advisory: http://bosen.net/releases/

About 1ndonesian Security Team:

1ndonesian Security Team researches and develops intelligent, advanced application security assessments. Based in Indonesia, 1ndonesian Security Team offers best-of-breed security consulting services, specialising in application, host and network security assessments. 1st provides security information and patches for use by the entire 1st community. This information is provided freely to all interested parties and may be redistributed provided that it is not altered in any way, 1st is appropriately credited and the document retains.
Bosen
======================

Original document can be found at http://bosen.net/releases/?id=39