[<prev] [next>] [day] [month] [year] [list]
Message-ID: <7edcd85428d7a6cf02643f59ce8ea51f@opensecurity.ca>
Date: Wed, 25 Jan 2017 12:35:42 -0000
From: "Open Security" <open@...nsecurity.ca>
To: bugtraq@...urityfocus.com
Subject: OpenCart 2.3.0.2 CSRF - User Account Takeover
===[ Introduction ]===
OpenCart is a free open source ecommerce platform for online merchants.
OpenCart provides a professional and reliable foundation from which to
build a successful online store.
===[ Description ]===
There is a security vulnerability in OpenCart 2.3.0.2 which allows a
hacker to break into a customer account.
The bug exists in "My Account Information" page. The form is not protected
with a token id, so a hacker can change user's information silently.
A demonstrative video for this vulnerability can be found here :
http://opensecurity.ca/media/opencart-csrf.mp4
===[ Timeline ]===
[17/01/2017] - Email was sent to the vendor's support desk (request #100298)
[19/01/2017] - Vendor asked to send the vulnerability to the Github
repository
[19/01/2017] - Vulnerability was reported to the Github repository
[20/01/2017] - Vendor's staff replied that he knew about this
vulnerability for years
[25/01/2017] - Public disclosure
===[ Credits ]===
Vulnerability has been discovered by Omid @ Open Security.
===[ References ]===
Open Security :
http://opensecurity.ca/
Original Advisory :
http://opensecurity.ca/2017/01/opencart-csrf-user-account-takeover
POC Video :
http://opensecurity.ca/media/opencart-csrf.mp4
Powered by blists - more mailing lists