#####################################################
Comersus BackOffice Plus Cross-Site Scripting
Vendor URL: http://www.comersus.com/demo.html
Advisory: http://lostmon.blogspot.com/2005/10/comersus-backoffice-plus-cross-site.html
Vendor notified: yes. Exploit available: yes
######################################################

Comersus BackOffice Plus contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate some variables upon submission to the comersus_backoffice_searchItemForm.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

#############
Version:
##############

Comersus Backoffice plus

###########
Solution:
###########

No solution was available at this time.

####################
Timeline
####################

Discovered: 24-09-2005
Vendor notified: 28-09-2005
Vendor response: 28-09-2005
Vendor specific bug report: 7-10-2005
Vendor response: -----------
Disclosure: 16-10-2005

##################
Proof of concept:
##################

To exploit this flaw you must be logged in...

http://[victim]/backOfficePlus/comersus_backoffice_searchItemForm.asp?forwardTo1=[XSS-CODE]comersus_backoffice_listAssignedCategories.asp&forwardTo2=[XSS-CODE]&nameFT1=[XSS-CODE]Select&nameFT2=[XSS-CODE]

All variables are vulnerable to cross-site scripting.

##################### €nd #####################

Thanks to estrella for being my light

--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
Curiosity is what moves the mind....
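Added example (not part of the original advisory, and not Comersus code): since no fix was available, one way to spot requests matching the pattern above is to check logged request URLs for HTML metacharacters in the four parameters the advisory names. The sample requests are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script and parameters named in the advisory.
SCRIPT = "comersus_backoffice_searchitemform.asp"
PARAMS = ("forwardTo1", "forwardTo2", "nameFT1", "nameFT2")

# Characters that let a reflected value break out of text or an attribute.
MARKUP = re.compile(r"[<>\"']")

# Constructed sample requests (not taken from real logs).
SAMPLE_REQUESTS = [
    "/backOfficePlus/comersus_backoffice_searchItemForm.asp"
    "?forwardTo1=comersus_backoffice_listAssignedCategories.asp&nameFT1=Select",
    "/backOfficePlus/comersus_backoffice_searchItemForm.asp"
    "?forwardTo1=%3Cb%3Ex%3C%2Fb%3Ecomersus_backoffice_listAssignedCategories.asp"
    "&nameFT2=%22%3E%3Ci%3Ey",
    "/backOfficePlus/comersus_backoffice_listAssignedCategories.asp?nameFT1=%3Cb%3E",
]


def suspicious_params(url):
    """Return the advisory's parameters whose decoded value contains markup."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/" + SCRIPT):
        return []  # a different script; outside this advisory's scope
    # Classic ASP treats query-string names case-insensitively.
    wanted = {p.lower(): p for p in PARAMS}
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        canon = wanted.get(name.lower())  # parse_qsl has already URL-decoded value
        if canon and canon not in hits and MARKUP.search(value):
            hits.append(canon)
    return hits


def scan(requests):
    """Map each flagged request to the parameters that carried markup."""
    flagged = {}
    for req in requests:
        hits = suspicious_params(req)
        if hits:
            flagged[req] = hits
    return flagged


if __name__ == "__main__":
    for req, hits in scan(SAMPLE_REQUESTS).items():
        print(", ".join(hits), "<-", req)
```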