TUCoPS :: HP Unsorted O :: bu-1685.htm

OpenCart CSRF Vulnerability
OpenCart CSRF Vulnerability
OpenCart CSRF Vulnerability


Advisory Information:=0D
=0D
Title: OpenCart CSRF Vulnerability=0D
Advisory URL:=0D
http://blog.visionsource.org/2010/01/28/opencart-csrf-vulnerability/=0D 
Date published: 2010-01-28=0D
Vendors contacted: OpenCart=0D
Security Risk: High=0D
=0D
Vulnerability Description:=0D
=0D
OpenCart is vulnerable to CSRF attacks using the POST method. It is possible to craft a malicious page that will create an administrator user when the victim, who is logged into OpenCart, visits the malicious page.=0D
=0D
Proofs of Concept:=0D
=0D
=0D
=0D
  =0D
    OpenCart CSRF Vulnerability=0D
    =0D
	=0D
  =0D
  =0D
    OpenCart CSRF Vulnerability=0D
=0D
	/index.php?route=user/user/insert
=0D
	Add User=0D
=0D
	
Results: (this frame can be hidden so the user never knows the attack was performed)
=0D
	=0D
  =0D
=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH