osCommerce suffers from an authentication bypass vulnerability that allows for unsolicited mailing.
b9982ae7b67c17e621dd30b877cc77f1dbcf1eb0ccb066ecfb7e2b9dfdfab542
# Exploit Title: OsCommerce/Creloaded tell a friend authentication bypass
# Date: 04/02/2010
# Author: Nicolas Krassas
# Version: $Id: tell_a_friend.php,v 1.1.1.1 2008/06/29 23:38:03
# Tested on: linux
When /tell_a_friend.php is called directly the user is redirected at
/product_info.php?products_id=0 where an access denied message is displayed.
Providing a valid product id (eg.
/tell_a_friend.php?action=process&products_id=[Product_id] ) though a guest
user can bypass the restriction and send unsolicited mails through the
system.
Regards,
Nicolas Krassas