Swiftbuy V 1.0 | /login.php - No Limit To Authentication Attempts To Admin Login

Hi all,


I am Maloy Roy Orko.


Recently, during one of my pentest research sessions, I found a web application project called SwiftBuy: a modern PHP + MySQL e-commerce website featuring user and admin dashboards, product management, a cart system, checkout, and real-time sales analytics. It is built with HTML, CSS, JavaScript, Tailwind CSS, and Chart.js by MD Tasin Rahman (Software Engineer).

So I downloaded it and started looking for vulnerabilities, if it had any.

CVE Number: In Review

After fiddling with the source code, I found that the admin/login.php file is vulnerable to CWE-307: Improper Restriction of Excessive Authentication Attempts.

It can lead into:

  • Unauthorized Data Access
  • Account Takeover
  • Privilege Escalation
  • Denial of Service (DoS)
  • Reputation Damage
  • Regulatory Consequences

The main thing is, if any non-IT person uses this template, they will inherit this vulnerability and their company's reputation can be damaged too.

That's why I am trying to inform everyone about this.

Title of the Vulnerability: 

Swiftbuy V 1.0 | /login.php - No Limit To Authentication Attempts To Admin Login

Vulnerability Class: CWE-307: Improper Restriction of Excessive Authentication Attempts

Product Name: Swiftbuy V 1.0

Vendor: https://github.com/Tasin1025

Vulnerable Product Link:

https://github.com/Tasin1025/swift-buy-full-ecommerce-php


Technical Details & Description: 

The application source code is written in a way that allows CWE-307: Improper Restriction of Excessive Authentication Attempts.

Product & Service Introduction: 

Swiftbuy 1.0

Observation & Exploitation: 

Here, the vulnerable file is: /login.php


Who will be affected by this attack?

-> The business owner! Because hackers will be able to access and modify user accounts, see and even modify their orders and their verification information, change the destination of ordered items, and even delete any running order of users, and this will lead to a Market Crash.


Let's Exploit 🌠🗝️🔐:


First, go to /login.php

You can try some random passwords for a user email!

You will see that there are no limits even if you input 2000 wrong passwords!

But there is no need to try this amount of passwords manually!

Just use my coded tool for this job!

Exploit Link: 

https://github.com/Maloyroyorko/Swiftbuy-Login-Exploiter/

There is a user email in the database:

wolf@gmail.com

We are going to test on this email!

So, at first go to the tool link I provided, install it on your server and change the email to the one you want to test!

My test subject is: wolf@gmail.com

Just read the comments I wrote in my tool code and follow them, and the tool will be ready.

Ok, let's get the password?

So, the password is: wolf

Let's login?

Thus, it works and the vulnerability has been found!

Prevention Strategies:

  • Limit the login attempts
  • Captcha Verification Implementation
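One way to implement the first prevention strategy in the project's own stack (PHP with PDO), as an added example that is not SwiftBuy's own code: failed attempts per account are counted in a `login_attempts` table (assumed name) and the account is refused once a threshold is reached inside a lockout window. The thresholds, the column layout and the in-memory SQLite demo database are assumptions; the same PDO calls work unchanged against the project's MySQL database.

```php
<?php
// Added example, not SwiftBuy's own code: throttle failed logins per account
// in a `login_attempts` table (assumed name) via PDO; thresholds are assumptions.
const MAX_ATTEMPTS = 5;      // failures tolerated inside the window
const WINDOW_SECONDS = 900;  // 15-minute lockout window

function setupSchema(PDO $db): void {
    $db->exec("CREATE TABLE IF NOT EXISTS login_attempts (
                 email VARCHAR(255) NOT NULL, attempted_at INTEGER NOT NULL)");
}
// Number of failed attempts for this account inside the lockout window.
function recentFailures(PDO $db, string $email): int {
    $stmt = $db->prepare("SELECT COUNT(*) FROM login_attempts
                          WHERE email = ? AND attempted_at > ?");
    $stmt->execute([$email, time() - WINDOW_SECONDS]);
    return (int) $stmt->fetchColumn();
}

function recordFailure(PDO $db, string $email): void {
    $db->prepare("INSERT INTO login_attempts (email, attempted_at) VALUES (?, ?)")
       ->execute([$email, time()]);
}

function clearFailures(PDO $db, string $email): void {
    $db->prepare("DELETE FROM login_attempts WHERE email = ?")->execute([$email]);
}
// Returns 'locked', 'ok' or 'bad'. $storedHash is the password_hash() value for
// the account (null when the email is unknown); the user lookup is out of scope.
function attemptLogin(PDO $db, string $email, string $password, ?string $storedHash): string {
    if (recentFailures($db, $email) >= MAX_ATTEMPTS) {
        return 'locked';  // refuse before the password is even checked
    }
    if ($storedHash !== null && password_verify($password, $storedHash)) {
        clearFailures($db, $email);  // a successful login resets the counter
        return 'ok';
    }
    recordFailure($db, $email);  // unknown email and wrong password are treated alike
    return 'bad';
}

// Demo against an in-memory SQLite database with constructed test data.
$db = new PDO('sqlite::memory:');
setupSchema($db);
$hash = password_hash('correct horse battery', PASSWORD_DEFAULT);
for ($i = 0; $i <= MAX_ATTEMPTS; $i++) {   // one more attempt than the limit
    echo attemptLogin($db, 'admin@example.com', "guess$i", $hash), "\n";
}
// Even the right password is refused while the lockout window is open.
echo attemptLogin($db, 'admin@example.com', 'correct horse battery', $hash), "\n";
```

A per-account counter alone can be abused to lock legitimate users out (the DoS impact listed above), so it is normally paired with a per-IP limit and the CAPTCHA step from the second item, and each refused attempt should be logged so the pattern is visible to the operator.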

Conclusion:

The main aim of this article is to show that if any non-IT person uses this template, they will inherit this vulnerability and their company's reputation can be damaged too. But I also hope that it helps give you ideas of how combining attacks can make them much more potent.


Maloy Roy Orko

I am Maloy Roy Orko. An aspiring security researcher. Learning New Fields and Strategies Since 2019. 💻
