lists.openwall.net - Open Source and information security mailing list archives
Date: Wed, 25 Jan 2017 12:35:42 -0000
From: "Open Security" <open@...nsecurity.ca>
To: bugtraq@...urityfocus.com
Subject: OpenCart 2.3.0.2 CSRF - User Account Takeover

===[ Introduction ]===

OpenCart is a free, open-source e-commerce platform for online merchants.
OpenCart provides a professional and reliable foundation from which to
build a successful online store.


===[ Description ]===

OpenCart 2.3.0.2 is vulnerable to cross-site request forgery (CSRF) on
the "My Account Information" page, and the issue is sufficient to take
over a customer's account.
The account edit form is not protected with a per-session token, so an
attacker who gets a logged-in customer to load a page under the
attacker's control can have the customer's browser submit the form on
their behalf and silently change the account details.
A demonstration video for this vulnerability can be found here:
http://opensecurity.ca/media/opencart-csrf.mp4


===[ Timeline ]===

[17/01/2017] - Email was sent to the vendor's support desk (request #100298)
[19/01/2017] - Vendor asked for the vulnerability to be reported to the
GitHub repository
[19/01/2017] - Vulnerability was reported to the GitHub repository
[20/01/2017] - Vendor's staff replied that they had known about this
vulnerability for years
[25/01/2017] - Public disclosure


===[ Credits ]===

The vulnerability was discovered by Omid at Open Security.


===[ References ]===

Open Security :
http://opensecurity.ca/

Original Advisory :
http://opensecurity.ca/2017/01/opencart-csrf-user-account-takeover

POC Video :
http://opensecurity.ca/media/opencart-csrf.mp4

