Exploits / Vulnerability Discovered : 2021-06-09
Type : webapps
Platform : php
This exploit / vulnerability, OpenCart 3.0.3.7 'Change Password' cross-site request forgery (CSRF), is for educational purposes only; if you use it, you do so at your own risk!
# Exploit Title : OpenCart 3.0.3.7 - 'Change Password' Cross-Site Request Forgery (CSRF)
# Date : 2021/08/06
# Exploit Author : Mert Daş merterpreter@gmail.com
# Software Link : http://www.opencart.com/index.php?route=download/download
#               : https://github.com/opencart
# Software web : www.opencart.com
# Tested on: Server : Xampp
# Cross-site request forgery
OpenCart is an open source shopping cart system. It suffers from cross-site request forgery, through which an attacker can manipulate user data by sending the user a maliciously crafted URL.
OpenCart does not use any security token to protect against CSRF.
All locations inside the user panel are vulnerable.
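
The missing control described above, shown as an added example (not OpenCart's code and not part of the original advisory): a session-bound anti-CSRF token checked before a password change is processed. The function names, the `csrf_token` field and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: session-bound anti-CSRF token for a state-changing form.
// Function names and the 'csrf_token' field are hypothetical, not OpenCart APIs.

/** Return the per-session token, creating it on first use. */
function csrf_issue(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit CSPRNG value
    }
    return $session['csrf_token'];
}

/** Accept a request only if it is a POST carrying the session's token. */
function csrf_verify(array $session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false; // state changes must not be reachable via GET
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($supplied) || $expected === '') {
        return false; // no token issued yet, or a malformed field
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

/** Hypothetical password-change handler guarded by the token check. */
function handle_password_change(array $session, string $method, array $post): string
{
    if (!csrf_verify($session, $method, $post)) {
        return '403 rejected: missing or invalid CSRF token';
    }
    if (($post['password'] ?? '') === '' || $post['password'] !== ($post['confirm'] ?? null)) {
        return '400 rejected: passwords do not match';
    }
    return '200 password updated'; // real code would hash and store the password here
}

// Constructed requests (sample data, not captured traffic).
$session = [];
$token = csrf_issue($session); // embedded as a hidden field in the genuine form
$form = ['password' => 'N3w-Passphrase!', 'confirm' => 'N3w-Passphrase!'];

echo handle_password_change($session, 'POST', $form), PHP_EOL; // request without the token
echo handle_password_change($session, 'POST', $form + ['csrf_token' => $token]), PHP_EOL; // genuine form
echo handle_password_change($session, 'GET', $form + ['csrf_token' => $token]), PHP_EOL; // wrong method
```

Setting the session cookie's `SameSite` attribute to `Lax` or `Strict` adds a second layer, but it does not replace the per-request token check.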