Script and Tools | eCommerce 3.0 | admin/customer-delete.php - CSRF

Hi All,


I am Maloy Roy Orko


CVE Number: CVE-2025-3557

Recently, during one of my pentest research sessions, I found eCommerce by Script And Tools, which is an open-source e-commerce application.

Curious to explore its functionalities, I downloaded it and set it up on my local system.

After fiddling with the source code, I found that the admin/customer-delete.php file is vulnerable to Cross-Site Request Forgery (CSRF).

It can lead to:


  • Unauthorized Actions   
  • Data Manipulation
  • Account Takeover  
  • Financial Loss
  • Compliance Violations  
  • Increased Attack Surface 

The main thing is, if any non-IT person uses this template, he will fall into this vulnerability and his company's reputation can be lost too.

That's why I am trying to inform everyone about this.


Title of the Vulnerability

Script and Tools | eCommerce 3.0 | admin/customer-delete.php - Cross-Site Request Forgery (CSRF)

Vulnerability Class: Cross-Site Request Forgery (CSRF)

Product Name: eCommerce 3.0 

Vendor: https://github.com/scriptandtools/

Vulnerable Product Link: https://github.com/scriptandtools/eCommerce-website-in-PHP

Technical Details & Description:

The application source code is written in a way that allows Cross-Site Request Forgery (CSRF): the admin/customer-delete.php endpoint deletes the customer selected by the id parameter on a plain GET request, with no CSRF token to tie the request to an action the admin actually intended.

Product & Service Introduction

eCommerce-3.0

Observation & Exploitation: 

Here, the vulnerable file is:

admin/customer-delete.php

Who will be affected by this attack?


->The admin and all users! Attackers will be able to delete user accounts, even those of verified and active customers who have ordered items and have running orders, and this will lead to a market crash.


Let's Exploit 🌠🗝️🔐: (Reproduction)

Just see this link:

http://192.168.0.102:8080/ecomm/admin/customer-delete.php?id=1

Here you will see the id is: 1

This actually means that if you give id number 3 in this parameter,

then the admin/customer-delete.php file will delete the user account that has been assigned id 3!

So, let's check it:

http://192.168.0.102:8080/ecomm/admin/customer-delete.php?id=8

For id number 8, there is a customer named Benjamin!

Check the screenshot!



So, hit that URL while you are logged in as an admin!

The CSRF-vulnerable URL to delete Benjamin's account:

http://192.168.0.102:8080/ecomm/admin/customer-delete.php?id=8

After hitting it, Benjamin's account has been deleted and can no longer be seen!


That means a CSRF vulnerability exists here!

That's how hackers can delete all users just by changing the values!

Thus, it works and the vulnerability has been confirmed!

Prevention Strategies:

  • Implement a CSRF token for the delete action
  • Ensure the CSRF token is actually verified on every request before the delete runs
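As an added example (not the project's code), this is the shape of a hardened delete handler in PHP: csrf_token() issues a per-session token that the admin delete form must carry as a hidden field, csrf_valid() checks it in constant time before anything is deleted, and the action is restricted to POST so a bare link like the one above can no longer trigger it. The session key and the require_admin() and delete_customer() helpers are assumptions, not names from eCommerce 3.0.

```php
<?php
// Added example, not the project's code: a CSRF-protected version of the
// delete action. The session key, require_admin() and delete_customer()
// are assumed helpers, not names taken from eCommerce 3.0.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();
require_admin(); // assumed: aborts unless an admin session is present

// Issue one random token per session. When rendering the delete form,
// embed it as a hidden input named csrf_token (HTML-escaped).
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session token in constant time.
// A browser following a forged link or form cannot supply this value.
function csrf_valid(?string $submitted): bool {
    if (empty($_SESSION['csrf_token']) || $submitted === null) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// A delete is a state change, so it must not be reachable with a plain GET
// like customer-delete.php?id=8; require POST plus a valid token.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method Not Allowed');
}
if (!csrf_valid($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    exit('Invalid CSRF token');
}
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Invalid id');
}
delete_customer($id); // assumed: prepared-statement DELETE by primary key
```

The SameSite=Lax cookie attribute is a second layer: it keeps the admin session cookie off cross-site POSTs, but it is not a substitute for the token check, since top-level GET navigations still carry the cookie.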


Conclusion:

The main aim of this article is to show that if any non-IT person uses this template, he will fall into this vulnerability and his company's reputation can be lost too. But I also hope that it helps to give you ideas of how combining attacks can make them much more potent.

