Script and Tools | eCommerce 3.0 | admin/order-delete.php - CSRF

Hi All, 


I am Maloy Roy Orko


Recently, during one of my pentest research sessions, I found an E-commerce System by Script And Tools, which is open-source e-commerce software.

Curious to explore its functionalities, I downloaded it and set it up on my local system.

After fiddling with the source code, I found that the /admin/order-delete.php file is vulnerable to Cross-Site Request Forgery (CSRF).

It can lead into:

  • Unauthorized Actions   
  • Data Manipulation
  • Account Takeover  
  • Financial Loss
  • Compliance Violations  
  • Increased Attack Surface 

The main point is that if any non-IT person uses this template, they will be exposed to this vulnerability, and their company's reputation can be damaged too.

That's why I am trying to inform everyone about this.

Title of the Vulnerability: 

Script and Tools | eCommerce 3.0 | admin/order-delete.php - CSRF

Vulnerability Class: Cross-Site Request Forgery (CSRF)

Product Name: eCommerce 3.0 

Vendor: https://github.com/scriptandtools/

Vulnerable Product Link:

https://github.com/scriptandtools/eCommerce-website-in-PHP

Technical Details & Description: 

The application source code is written in a way that allows Cross-Site Request Forgery (CSRF).

Product & order Introduction: 

eCommerce-3.0

Observation & Exploitation: 

Vulnerable File Is:

/admin/order-delete.php

Who will be affected by this attack?

-> The admin! Because hackers will be able to delete the order data, making all order and delivery information unavailable!

Thus the admin will lose the order data and be unable to locate and process orders; a customer could even file a case against the admin!

Let's Exploit 🤝 (Reproduction):

Just look at this link:

http://192.168.0.102:8080/ecomm/admin/order-delete.php?id=1

Here you can see that the id is 1.

This means that if you pass id 3 in this parameter,

then the /admin/order-delete.php file will delete the order data assigned id 3!

So, let's check it.

http://192.168.0.102:8080/ecomm/admin/order-delete.php?id=1

For id 1, there is an order!

Check the screenshot!



So, hit that vulnerable URL while you are logged in as an admin!

The CSRF-vulnerable URL to delete order 1:

http://192.168.0.102:8080/ecomm/admin/order-delete.php?id=1

After hitting it, the order has been deleted and can't be seen any more!



That means a CSRF vulnerability exists here! The deletion is triggered by a plain GET request that carries only the id, with nothing tying the request to the admin's own intent, so any page the logged-in admin visits can make their browser send it.

That's how hackers can delete all orders just by changing the value!

Thus it works, and the vulnerability has been confirmed!

Prevention Strategies:

  • Implement CSRF Token
  • Ensure The Working Of CSRF Token
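As an added example (not the project's code), here is what a token-protected version of the order-delete handler could look like. It assumes a session-based admin login and a hypothetical delete_order() function that performs the database deletion.

```php
<?php
// Added example, not the project's own code: CSRF-protected order deletion.
// Assumes an admin session already exists and that delete_order(int $id): bool
// (hypothetical) does the actual database work.
declare(strict_types=1);
session_start();

// Issue one random token per session; every admin form embeds it.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// "Ensure the working of the CSRF token": compare the submitted value with the
// session copy in constant time, and fail closed when either side is missing.
function csrf_check(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted) && hash_equals($expected, $submitted);
}

/* The delete button in the order list would carry the token like this:
   <form method="post" action="order-delete.php">
     <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">
     <input type="hidden" name="id" value="<?= (int) $order['id'] ?>">
     <button type="submit">Delete</button>
   </form> */

// --- order-delete.php (hardened) ---
// Reject GET: a link or <img> on a third-party page can only produce GET, and a
// forged POST from another origin cannot know the token bound to this session.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method Not Allowed');
}
if (!csrf_check($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    exit('Invalid CSRF token');
}
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Invalid order id');
}
if (delete_order($id)) {          // hypothetical helper, see above
    header('Location: orders.php');
    exit;
}
http_response_code(500);
```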

Conclusion :- 


The main aim of this article is to show that if any non-IT person uses this template, they will be exposed to this vulnerability, and their company's reputation can be damaged too. But I also hope that it helps give you ideas of how combining attacks can make them much more dangerous.
