Hi All,
I am Maloy Roy Orko
Recently, during one of my pentest research sessions, I found an Employee Management System application by tutorials-website, an open-source Employee Management System used to manage the users of a company or organization.
Curious to explore its functionality, I downloaded it and set it up on my local system.
After fiddling with the source code, I found that the /login.php file is vulnerable to CWE-307: Improper Restriction of Excessive Authentication Attempts!
It can lead to:
- Unauthorized Data Access
- Account Takeover
- Privilege Escalation
- Denial of Service (DoS)
- Reputation Damage
- Regulatory Consequences
The main point is: if any non-IT person deploys this template, they inherit this vulnerability, and their company's reputation can be lost along with it.
That's why I am trying to inform everyone about this.
Title of the Vulnerability:
Script and Tools | eCommerce 3.0 | login.php - Excessive Authentication Attempts
Vulnerability Class: CWE-307: Improper Restriction of Excessive Authentication Attempts
Product Name: eCommerce 3.0
Vendor: https://github.com/scriptandtools/
Vulnerable Product Link: https://github.com/scriptandtools/eCommerce-website-in-PHP
Technical Details & Description:
The login handler in /login.php evaluates every submitted email/password pair regardless of how many attempts for that account have already failed: there is no attempt counter, no temporary lockout or back-off, and no CAPTCHA. This is CWE-307: Improper Restriction of Excessive Authentication Attempts, and it lets an attacker run an unlimited password-guessing (brute-force or dictionary) attack against any known user email.
Product & Service Introduction:
eCommerce-3.0
Observation & Exploitation:
The vulnerable file is: /login.php
Who is affected by this attack?
-> The users. An attacker who guesses a user's password can log in as that user, view and modify the account and its orders, read and change the user's verification information, and redirect ordered items to a different delivery address.
Let's exploit 🌠🗝️🔐:
First, go to /login.php.
Try a few random passwords for a known user email.
You will see that there is no limit: even after 2000 wrong passwords the form still accepts further attempts!
But there is no need to try this many passwords manually!
Just use my coded tool for this job!
Tool Link:
https://github.com/Maloyroyorko/E-commerce-3.0-user-bruter
There is a user email in the (test) database:
chad@mail.com
We are going to test against this email!
So, first go to the tool link I provided, install it on your server, and change the email to the one you want to test against!
My test subject is: chad@mail.com
Just read the comments I wrote in the tool and follow them, and the tool will be ready.
OK, let's get the password!
Let's log in!
Recommendation:
- Limit login attempts: count consecutive failures per account (and per source IP) and temporarily lock or delay further attempts after a small number of failures, with the delay growing on repeated failures
- Add CAPTCHA verification on the login form so that automated guessing tools cannot submit attempts unattended
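As an added illustration (this is not code from the eCommerce 3.0 project or from the brute-force tool linked above), the following Python simulation puts an unthrottled login handler, behaving like the /login.php described in the exploitation steps, next to a throttled one that implements the first recommendation: a per-account and per-source-IP failure counter with a lockout window and exponential back-off. The user table, the sample wordlist, the password "sunshine1" and the IP addresses are all constructed for the demo. A simulated attacker loop shows that the dictionary run recovers the password against the first handler and is cut off at the lockout against the second.

```python
"""Simulation of an unthrottled login (CWE-307) beside a throttled one.

Added example: not code from eCommerce 3.0 or from the linked brute-force
tool. The user table, wordlist, password, IPs and lockout parameters are
constructed for the demonstration.
"""
import hashlib
import hmac
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


# Constructed user table. The address mirrors the account the write-up
# tests against; the password "sunshine1" is invented for this demo and is
# stored hashed, as any real application should store it.
def _hash(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


USERS: Dict[str, str] = {"chad@mail.com": _hash("sunshine1")}

# Constructed wordlist standing in for the attacker's dictionary.
WORDLIST: List[str] = ["123456", "password", "qwerty", "letmein", "iloveyou",
                       "admin123", "welcome", "sunshine1", "monkey", "dragon"]


def check_password(email: str, password: str) -> bool:
    """Credential check shared by both handlers; constant-time comparison."""
    stored = USERS.get(email)
    if stored is None:
        return False
    return hmac.compare_digest(stored, _hash(password))


class VulnerableLogin:
    """Behaves like the /login.php described above: every attempt is
    evaluated, however many failed before it."""

    def attempt(self, email: str, password: str, ip: str) -> str:
        return "ok" if check_password(email, password) else "invalid"


@dataclass
class ThrottledLogin:
    """Hardened variant. Consecutive failures are counted per account and
    per source IP; once a counter reaches max_failures the key is locked for
    lockout_seconds, doubling on every further failure (capped at one day)."""
    max_failures: int = 5
    lockout_seconds: float = 900.0
    clock: Callable[[], float] = time.monotonic
    # key -> (consecutive failures, locked_until timestamp)
    _fails: Dict[Tuple[str, str], Tuple[int, float]] = field(default_factory=dict)

    def _keys(self, email: str, ip: str) -> List[Tuple[str, str]]:
        return [("acct", email.lower()), ("ip", ip)]

    def attempt(self, email: str, password: str, ip: str) -> str:
        now = self.clock()
        for key in self._keys(email, ip):
            _, locked_until = self._fails.get(key, (0, 0.0))
            if now < locked_until:
                return "locked"  # refuse before touching the password at all
        if check_password(email, password):
            for key in self._keys(email, ip):
                self._fails.pop(key, None)  # a success clears the counters
            return "ok"
        for key in self._keys(email, ip):
            count, _ = self._fails.get(key, (0, 0.0))
            count += 1
            locked_until = 0.0
            if count >= self.max_failures:
                backoff = self.lockout_seconds * 2 ** (count - self.max_failures)
                locked_until = now + min(backoff, 86400.0)
            self._fails[key] = (count, locked_until)
        return "invalid"


def brute_force(handler, email: str, wordlist: List[str],
                ip: str = "203.0.113.7") -> Tuple[Optional[str], int, str]:
    """Attacker loop: try each word until success or lockout.
    Returns (recovered password or None, attempts made, final status)."""
    for attempts, guess in enumerate(wordlist, start=1):
        status = handler.attempt(email, guess, ip)
        if status in ("ok", "locked"):
            return (guess if status == "ok" else None), attempts, status
    return None, len(wordlist), "exhausted"


if __name__ == "__main__":
    # Unlimited attempts: the dictionary run recovers the password.
    print(brute_force(VulnerableLogin(), "chad@mail.com", WORDLIST))
    # Throttled: the 6th attempt is refused and the password is never reached.
    print(brute_force(ThrottledLogin(), "chad@mail.com", WORDLIST))
```

A per-account lockout on its own can be turned against legitimate users (an attacker who deliberately fails five times locks the real owner out), which is why the example pairs it with a per-IP counter and a growing, time-limited back-off instead of a permanent lock, and why the second recommendation, a CAPTCHA, is the usual complement. In production, return the same generic error to the client whether the attempt was invalid or refused, and log the lockout server-side for detection.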