Hi All,
I am Maloy Roy Orko
Recently, during one of my pentest research sessions, I found an E-commerce System by Script and Tools, which is open-source e-commerce software.
Curious to explore its functionality, I downloaded it and set it up on my local system.
After fiddling with the source code, I found that the /admin/faq-delete.php file is vulnerable to Cross-Site Request Forgery (CSRF).
A CSRF flaw in an admin endpoint like this can lead to:
- Unauthorized Actions
- Data Manipulation
- Account Takeover
- Financial Loss
- Compliance Violations
- Increased Attack Surface
The main point is that if any non-IT person deploys this template, they inherit this vulnerability, and their company's reputation can suffer too.
That's why I am trying to inform everyone about this.
Title of the Vulnerability:
Script and Tools | eCommerce 3.0 | admin/faq-delete.php - CSRF
Vulnerability Class: Cross-Site Request Forgery (CSRF)
Product Name: eCommerce 3.0
Vendor: https://github.com/scriptandtools/
Vulnerable Product Link: https://github.com/scriptandtools/eCommerce-website-in-PHP
Technical Details & Description:
/admin/faq-delete.php performs a state-changing action (deleting an FAQ row) in response to a plain GET request whose only parameter is the FAQ id. The request is authenticated by the admin's session cookie alone, and no anti-CSRF token is generated or checked, so any site a logged-in admin visits can make the admin's browser trigger the deletion. This is a classic Cross-Site Request Forgery (CSRF) condition.
Product & Service Introduction: eCommerce-3.0
Observation & Exploitation:
Here, the vulnerable file is:
/admin/faq-delete.php
Who will be affected by this attack?
-> The admin! Attackers will be able to delete the FAQ data and make the chatbot unavailable.
The FAQ data is what the chatbot of this e-commerce application uses to answer customers.
So the chatbot and the support system of the website will lose the ability to help and answer customers.
Thus the admin loses the FAQ data.
Let's exploit 🌠🗝️🔐 (Reproduction):
Just look at this link:
http://192.168.0.102:8080/ecomm/admin/faq-delete.php?id=1
Here you can see that the id is 1.
This means that if you put id 3 in this parameter,
then /admin/faq-delete.php will delete the FAQ that has been assigned id 3.
So, let's check it:
http://192.168.0.102:8080/ecomm/admin/faq-delete.php?id=1
For id 1, there is an FAQ.
Check the screenshot!
Now request that vulnerable URL while you are logged in as an admin.
The CSRF-vulnerable URL to delete FAQ 1:
http://192.168.0.102:8080/ecomm/admin/faq-delete.php?id=1
After the request, the FAQ has been deleted and can no longer be seen.
That means a CSRF vulnerability exists here: the deletion happens on a plain GET request, it is authenticated only by the admin's session cookie, and no anti-CSRF token is checked. So any page a logged-in admin visits can embed this URL (for example as an image source or as the target of an auto-submitting form), and the admin's browser will send the request with the session cookie attached, without the admin noticing.
That is how attackers can delete all the FAQs just by changing the id value.
Thus it works and the vulnerability has been confirmed.
Prevention Strategies:
- Implement a CSRF token: generate a random per-session token, embed it in every state-changing form, and reject any request whose token is missing or does not match
- Ensure the CSRF token is actually validated on every state-changing endpoint, including faq-delete.php, not just emitted in the form
- Perform deletions via POST (or another non-GET method); a plain GET link can be triggered by an image tag or a link on any site
- As defence in depth, set the SameSite attribute on the session cookie so browsers do not attach it to most cross-site requests
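As an added illustration (this is not the eCommerce 3.0 project's own code; the `faq` table, its `id` column, the `$_SESSION['admin_id']` login marker and the page names are assumptions), here is the vulnerable pattern the advisory describes beside a hardened version of the same delete handler that applies the prevention points above:

```php
<?php
// Added illustrative example, not the eCommerce 3.0 project's own code.
// Assumed: FAQ rows live in table `faq` with an integer `id` column, and a
// logged-in admin has $_SESSION['admin_id'] set by the login page.

// Defence in depth: SameSite=Lax stops the cookie being sent on cross-site
// subrequests such as <img src=...> (but NOT on top-level link clicks, which is
// why GET must not be allowed to delete anything).
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

// ---- VULNERABLE pattern (what the advisory describes) --------------------
// A plain GET request deletes a row; the only authentication is the session
// cookie, which the browser attaches automatically to any request for this
// origin, e.g. <img src="http://192.168.0.102:8080/ecomm/admin/faq-delete.php?id=1">.
function faq_delete_vulnerable(PDO $db): void
{
    if (empty($_SESSION['admin_id'])) {
        header('Location: login.php');
        exit;
    }
    $id = (int) ($_GET['id'] ?? 0);
    $stmt = $db->prepare('DELETE FROM faq WHERE id = ?');
    $stmt->execute([$id]);
    header('Location: faq.php');
    exit;
}

// ---- HARDENED pattern ----------------------------------------------------

// One unpredictable token per session, created once and reused by all forms.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; a missing or wrong token fails closed.
function csrf_token_valid(?string $submitted): bool
{
    if (empty($_SESSION['csrf_token']) || $submitted === null) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// The delete form the admin FAQ list should render instead of a bare ?id= link.
// An attacker's page cannot read this token (same-origin policy), so it cannot
// forge a valid submission.
function faq_delete_form(int $faqId): string
{
    return sprintf(
        '<form method="post" action="faq-delete.php">'
        . '<input type="hidden" name="csrf_token" value="%s">'
        . '<input type="hidden" name="id" value="%d">'
        . '<button type="submit">Delete</button></form>',
        htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8'),
        $faqId
    );
}

// The hardened handler: POST only, token checked before any database write.
function faq_delete_hardened(PDO $db): void
{
    if (empty($_SESSION['admin_id'])) {
        header('Location: login.php');
        exit;
    }
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);   // an <img> tag or a link can only send GET
        exit('Method Not Allowed');
    }
    if (!csrf_token_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);   // cross-site auto-submitted form: no valid token
        exit('Invalid CSRF token');
    }
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('Bad id');
    }
    $stmt = $db->prepare('DELETE FROM faq WHERE id = ?');
    $stmt->execute([$id]);
    header('Location: faq.php');
    exit;
}
```

With the hardened handler, the reproduction URL from above returns 405 instead of deleting the row, and a cross-site page that auto-submits a POST to faq-delete.php gets 403 because it cannot supply the session-bound token. The SameSite cookie flag is only a second layer: browsers still attach a Lax cookie on a top-level cross-site navigation, so the method check and the token are what actually close the hole.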
Conclusion :-
The main aim of this article is to show that if any non-IT person uses this template, they will fall into this vulnerability and their company's reputation can be lost too. But I also hope that it helps to give you ideas of how combining attacks can make them much more dangerous.