Comersus Cart Multiple Input Validation Vulnerabilities
To exploit the cross-site scripting issues, an attacker must entice an unsuspecting victim into following a malicious URI. The attacker can use a browser to exploit the SQL-injection issue.

The following example URI is available:

http://www.example.com/comersus_message.asp?message=<script>alert('Bl@ckbe@rD is not dead yet')</script>[Peace xD ]

The following proofs of concept have been provided:
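For defenders, one way to spot requests of the kind shown in the example URI is to decode the message parameter of comersus_message.asp in the web access log and flag any value that carries markup. This is an added example, not one of the proofs of concept referenced above and not Comersus code. The combined log format, the rule set in MARKUP, the sample entries and all function names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

TARGET_PATH = "/comersus_message.asp"  # script named in the advisory
TARGET_PARAM = "message"               # parameter it reflects
# Assumed rule set: markup a plain status message should never contain.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|\bon\w+\s*=|javascript\s*:", re.I)
# Request target in a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Constructed sample entries, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /comersus_message.asp?message=Item+added+to+cart HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /comersus_message.asp?message=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 540',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /Comersus_Message.asp?message=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 540',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /other_page.asp?message=%3Cb%3E HTTP/1.1" 200 900',
]


def normalise(value, rounds=3):
    """Undo nested URL encoding and HTML entities before matching."""
    for _ in range(rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value


def flagged_message(target):
    """Return the decoded message value if it carries markup, else None."""
    parts = urlsplit(target)
    if parts.path.lower() != TARGET_PATH:  # IIS paths are case-insensitive
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == TARGET_PARAM and MARKUP.search(normalise(value)):
            return normalise(value)
    return None


def scan(lines):
    """Return (line_number, decoded_value) for each flagged log entry."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hit = flagged_message(match.group(1)) if match else None
        if hit is not None:
            hits.append((number, hit))
    return hits
```

Calling scan(SAMPLE_LOG) flags the second and third entries, including the double-encoded one, and ignores the ordinary status message and the unrelated page.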