Update: 6:43 AM 6/30/2005 Subject: "Comdevn eCommerce Form Handler Vulnerabilities" Vulnerable version: Comdev eCommerce Publisher 3.1 Description: Comdev eCommerce is a ready-made, flexible ordering system that will allow you to sell any type of product with a few simple clicks. This application consists of a three sub-components: Catalog, Customer and Transaction, working together to make ordering a smooth performance. Vulnerability: A Vulnerable form has found on the 'review' section.User can add their review then steal ID cookies. Just add XSS code below on the 'review'form to retrive user cookies ID ,then try to click a link 'test',a popup will appear include ID cookies. Using the onClick handler,to catch ID cookies; http://[target]/ecommerce/index.php?homeinclude=catalog&category_id=&parent_id=0 Add Your Review Your Name______________________________ Your message___________________________ 'Put this XSS into 'Review' message form: [a href="xss.html" onMouseOver="alert(document.cookie);"]Test[/a] Solution: Vendor has notifed. Vendor URL: http://www.comdevweb.com/ecommerce.php Published by: basher13 (Infam0us Gr0up - Securiti Research) basher13@linuxmail.org / infamous.2hell.com