Vulnerabilities > CVE-2004-0682 - Multiple vulnerability in Comersus Open Technologies Comersus Cart 5.0.9

CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
comersus-open-technologies
nessus
exploit available

Summary

comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL.

Vulnerable Configurations

Part Description Count
Application
Comersus_Open_Technologies
1

Exploit-Db

description: Comersus Open Technologies Comersus 5.0 comersus_gatewayPayPal.asp Price Manipulation. CVE-2004-0682. Webapps exploit for asp platform
id: EDB-ID:24260
last seen: 2016-02-02
modified: 2004-07-07
published: 2004-07-07
reporter: Thomas Ryan
source: https://www.exploit-db.com/download/24260/
title: Comersus Open Technologies Comersus 5.0 comersus_gatewayPayPal.asp Price Manipulation

Nessus

NASL family: CGI abuses
NASL id: COMERSUS_SQL_INJECTION.NASL
description: The remote host is running the Comersus Shopping Cart Software. There is a flaw in this interface that allows an attacker to log in as any user by using a SQL injection flaw in the code of comersus_backoffice_login.php. An attacker may use this flaw to gain unauthorized access on this host, or to gain the control of the remote database. In addition to this, the remote version of this software may be vulnerable to other issues (see BID 10674).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14183
published: 2004-08-02
reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14183
title: Comersus Cart Multiple Input Validation Vulnerabilities (SQLi, XSS)
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


# Registration pass: when the engine sets `description`, the plugin only
# declares its metadata and scheduling requirements, then exits before any
# request is sent.
if (description)
{
  # --- Identity and external references ---------------------------------
  script_id(14183);
  script_version("1.24");
  script_cve_id("CVE-2004-0681", "CVE-2004-0682");
  script_bugtraq_id(10674, 10824);
  script_xref(name:"Secunia", value:"12026");
  script_xref(name:"Secunia", value:"12183");

  script_name(english:"Comersus Cart Multiple Input Validation Vulnerabilities (SQLi, XSS)");
  script_summary(english:"Checks for Comersus");

  # --- Report text ------------------------------------------------------
  # The multi-line literals are kept flush-left because their line breaks
  # are part of the text shown in the report.
  script_set_attribute(
    attribute:"synopsis",
    value:"The web application running on the remote host has multiple
vulnerabilities."
  );
  # NOTE(review): the text below names a ".php" login page, while this plugin
  # requires the "www/ASP" key further down - confirm the filename against
  # the referenced advisories.
  script_set_attribute(
    attribute:"description",
    value:"The remote host is running the Comersus Shopping Cart Software.

There is a flaw in this interface that allows an attacker to log in
as any user by using a SQL injection flaw in the code of
comersus_backoffice_login.php.

An attacker may use this flaw to gain unauthorized access on
this host, or to gain the control of the remote database.

In addition to this, the remote version of this software may be
vulnerable to other issues (see BID 10674)."
  );
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2004/Jul/71");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2004/Aug/14");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Jul/1245");
  script_set_attribute(attribute:"solution", value:"Upgrade to the latest version of the software.");

  # --- Scoring and dates ------------------------------------------------
  # CVSSv2 base vector: network, low complexity, no authentication,
  # partial impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/02");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/06");
  script_cvs_date("Date: 2018/11/15 20:50:16");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # --- Scheduling -------------------------------------------------------
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
  script_dependencie("http_version.nasl");
  # Needs a web service (or port 80), an ASP-capable host, and CGI scanning
  # not disabled in the scan settings.
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_keys("www/ASP");
  exit(0);
}

# The script code starts here

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

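# Active check: POST a login form whose adminName value ends in a single
# quote to the back-office login page under each CGI directory, and report
# the host when the response body contains a Microsoft ODBC error 80040e14.
#
# Coverage caveats for whoever reads the results:
#  - Only the login form is exercised. The price-manipulation issue
#    (CVE-2004-0682, comersus_gatewayPayPal.asp) listed in script_cve_id is
#    not probed, so a hit is direct evidence of the SQL injection flaw only.
#  - Detection depends on the database error text being echoed back. A site
#    that hides error pages produces no match, so a clean result does not
#    show that the input is handled safely.

# Fall back to port 80, the port named in script_require_ports(), when no
# web service is recorded for the host. The earlier fallback of 3689 is not
# among the required ports, so a host reachable only through the port-80
# requirement would have been skipped.
port = get_http_port(default:80);

# Skip closed ports, hosts that cannot serve ASP, and scans with CGI
# testing disabled.
if (! get_port_state(port)) exit(0);
if (! can_host_asp(port:port)) exit(0);
if (wont_test_cgi(port: port)) exit(0);

foreach dir (make_list( cgi_dirs()))
{
 # NOTE(review): the path ends in ".php" although the guard above requires
 # an ASP-capable host - confirm the filename against the referenced
 # advisories.
 r = http_send_recv3( port: port, method: 'POST',
	item:dir + "/comersus_backoffice_login.php",
	data: "adminName=admin%27&adminpassword=123456&Submit2=Submit",
	add_headers: make_array("Content-Type", "application/x-www-form-urlencoded") );
 # No response at all: stop the whole check instead of trying further dirs.
 if (isnull(r)) exit(0);
 # r[2] is the response body; the ODBC error code is the detection signal.
 if (egrep(pattern: "Microsoft.*ODBC.*80040e14", string: r[2]))
 {
  security_hole(port);
  # Record the finding in the knowledge base under the SQLInjection key.
  set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
  exit(0);
 }
}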