OpenCart CSRF Vulnerability

Advisory Information:

Title: OpenCart CSRF Vulnerability
Advisory URL: http://blog.visionsource.org/2010/01/28/opencart-csrf-vulnerability/
Date published: 2010-01-28
Vendors contacted: OpenCart
Security Risk: High

Vulnerability Description:

OpenCart is vulnerable to cross-site request forgery (CSRF) via POST requests: the administration interface does not verify that a state-changing request originated from its own pages. A third-party page can therefore submit a crafted form to the admin interface, and if the victim who loads that page is logged into OpenCart at the time, the request creates a new administrator user.

Proofs of Concept:

(The HTML proof-of-concept page was not preserved in this copy; only the parts recoverable from it are listed below.)

Page title: OpenCart CSRF Vulnerability
Target route: /index.php?route=user/user/insert
Submit button label: Add User

Results: (this frame can be hidden so the user never knows the attack was performed)
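The standard mitigation for this class of bug is a synchronizer token: the server binds a random secret to the logged-in session, renders it as a hidden field in every form it serves, and rejects any state-changing request that does not echo it back. A page on another origin cannot read the token, so its forged POST fails even though the victim's session cookie is sent along. The following is an added illustration written for this page, not OpenCart's own code; the session dictionary, the `csrf_token` form field name and the `handle_admin_insert` handler are assumptions standing in for the application's real session handling and the `user/user/insert` route.

```python
import hmm
```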

=0D =0D =0D =0D

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.