Hi All,
I am Maloy Roy Orko
Recently, in one of my pentest research sessions, I found an e-commerce system by Script And Tools, which is open-source e-commerce software.
Curious to explore its functionality, I downloaded it and set it up on my local system.
After digging through the source code, I found that the /admin/slider-delete.php file is vulnerable to Cross-Site Request Forgery (CSRF).
It can lead to:
- Unauthorized Actions
- Data Manipulation
- Account Takeover
- Financial Loss
- Compliance Violations
- Increased Attack Surface
The main point is that anyone without an IT background who deploys this template inherits this vulnerability, and their company's reputation can suffer as a result.
That is why I am trying to inform everyone about it.
Title of the Vulnerability:
Script and Tools | eCommerce 3.0 | admin/slider-delete.php - CSRF
Vulnerability Class: Cross-Site Request Forgery (CSRF)
Product Name: eCommerce 3.0
Vendor: https://github.com/scriptandtools/
Vulnerable Product Link: https://github.com/scriptandtools/eCommerce-website-in-PHP
Technical Details & Description:
The application's source code performs a state-changing delete on a plain GET request, with no anti-CSRF token and no check of the request origin, which allows Cross-Site Request Forgery (CSRF).
Product Introduction:
eCommerce-3.0
Observation & Exploitation:
Vulnerable File:
/admin/slider-delete.php
Who is affected by this attack?
-> The admin. An attacker can make a logged-in admin's browser delete slider records without the admin intending to.
The slider records hold the slider content that the admin manages for the storefront.
Once they are deleted, that slider content disappears from the site and the admin has to recreate it.
Thus the admin loses the slider data.
Let's exploit 🤝 (Reproduction):
Look at this link:
http://192.168.0.102:8080/ecomm/admin/slider-delete.php?id=1
Here the id parameter is 1.
The file deletes the slider record whose id matches this parameter, so id=3 would delete the slider with id 3, and so on.
Let's check it:
http://192.168.0.102:8080/ecomm/admin/slider-delete.php?id=1
For id 1 there is an existing slider.
Check the screenshot.
Now, while logged in as admin, request that vulnerable URL:
http://192.168.0.102:8080/ecomm/admin/slider-delete.php?id=1
After the request, the slider has been deleted and can no longer be seen.
The delete was carried out on a plain GET request with no anti-CSRF token, so any page the logged-in admin visits can trigger the same request (for example through an image tag or a hidden form pointing at this URL) without the admin noticing. That is what makes this a CSRF vulnerability.
By changing the id value in the same way, an attacker can delete every slider.
Thus the exploit works and the vulnerability is confirmed.
Prevention Strategies:
- Implement a CSRF token: generate a random per-session token, embed it in the delete form, and reject any delete request whose token does not match the session value.
- Ensure the CSRF token check actually works: verify it server-side on every state-changing request, compare it in constant time, and accept the delete only over POST, never over a GET link.
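The following is an added example of what those two prevention points look like in code. It is not the project's own code or a patch from the vendor: it is a hardened replacement for admin/slider-delete.php plus the matching delete form, written for this write-up. It assumes a session-based admin login stored in $_SESSION['admin_id'], a mysqli handle $conn provided by config.php, a table named slider with an integer id column, and a list page named slider.php; all of those names are assumptions, not taken from the project.

```php
<?php
// Added example (not the project's code): hardened admin/slider-delete.php.
// Assumptions: $_SESSION['admin_id'] marks a logged-in admin, config.php
// provides a mysqli handle in $conn, the table is `slider` with an integer
// `id` column, and the list page is slider.php.
session_start();
require_once 'config.php';

// Returns the session's anti-CSRF token, creating it on first use.
// In a real deployment this helper would live in a shared include so the
// list page and the delete endpoint use the same value.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// 1. Only an authenticated admin may reach this endpoint at all.
if (empty($_SESSION['admin_id'])) {
    http_response_code(403);
    exit('Login required');
}

// 2. A delete changes state, so refuse GET. A link, an <img> tag or a
//    redirect on an attacker's page can then no longer trigger it.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('Method not allowed');
}

// 3. The submitted token must equal the session token. hash_equals() is a
//    constant-time comparison; the is_string() check keeps an array value
//    (csrf_token[]=x) from reaching hash_equals() and raising a TypeError.
$sent = $_POST['csrf_token'] ?? '';
if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
    http_response_code(403);
    exit('Invalid CSRF token');
}

// 4. Validate the id and delete it with a prepared statement.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Invalid id');
}
$stmt = $conn->prepare('DELETE FROM slider WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$stmt->close();

header('Location: slider.php');
exit;
?>

<!-- Fragment for the slider list page (slider.php, assumed name), inside the
     loop that renders one row per slider as $row. The token travels in a
     hidden field and only a POST from this form can reach the delete. -->
<form method="post" action="slider-delete.php">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <input type="hidden" name="id" value="<?= (int) $row['id'] ?>">
  <button type="submit">Delete slider</button>
</form>
```

With this in place, the GET URL from the reproduction above returns 405 instead of deleting anything, and a forged POST from another origin fails the token check because the attacker's page cannot read the victim's session token. As defence in depth, setting the session cookie with SameSite=Lax (session_set_cookie_params() accepts a 'samesite' key since PHP 7.3) stops the browser from attaching the admin's cookie to cross-site POSTs in the first place; the token check is still the primary control.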
Conclusion :-
The main aim of this article is to show that anyone without an IT background who uses this template inherits this vulnerability, and their company's reputation can suffer as a result. But I also hope it gives you ideas of how combining attacks can make them much more dangerous.