Hi All,
I am Maloy Roy Orko
Recently in one of my pentest research, I found a Employee Management System application By tutorials-website which is an open source Employee Management System Software to manage users of a company or organization.
Curious to explore its functionalities, I downloaded and set it up in my local system.
After fiddling with the source code, I found that the admin/login.php file is vulnerable to CWE-307: Improper Restriction of Excessive Authentication Attempts !
It can lead into:
- - Unauthorized Data Access
- - Account Takeover
- - Privilege Escalation
- - Denial of Service (DoS)
- - Reputation Damage
- - Regulatory Consequences
The Main Thing Is,If any NON-IT personal uses this template,he will fall into this vulnerability and his companies reputation can be lost too.
Thats why, I am trying to inform everyone about this.
Title of the Vulnerability:
Script and Tools | eCommerce 3.0 | admin/login.php - No Limit To Authentication Attempts To Admin Login
Vulnerability Class: CWE-307: Improper Restriction of Excessive Authentication Attempts
Product Name: eCommerce 3.0
Vendor: https://github.com/scriptandtools/
Vulnerable Product Link: https://github.com/scriptandtools/eCommerce-website-in-PHP
Technical Details & Description:
The application source code is coded in a way which allows : CWE-307: Improper Restriction of Excessive Authentication Attempts.
Product & Service Introduction:
eCommerce-3.0
Observation & Exploitation:
Here,The Vulnerable File Is: admin/login.php
Who will be affected of this attack?
->The Admin! Because Hackers will be able to access and modify user accounts and see even modify their orders and their verification informations and change the destination of ordered items and even delete any running order users and this will lead to a Market Crash.
Lets Exploit 🌠🗝️🔐:
First,Go To admin/login.php
You can try for some random passwords for a user email!
You will see that there are no limits even you input 2000 wrong passwords!
But no need to try this ammount of passwords mannually!
Just use my coded tool for this job!
Tool Link:
https://github.com/Maloyroyorko/eCommerce-3.0-admin-bruter
There is an admin email in the database:
admin@mail.com
We are gonna testing on this email !
So,At first go to the tool link I provided and install into your server and change the email where you wanna test!
My Test Subject Is: admin@mail.com
Just read the comments I wrote in my Tool code and follow them and The tool will be ready
Ok,Lets Get The Password?
So,The password is: Password@123
Lets login?
Thus,it works and vulnerability has been found!
Prevention Strategies:
- Limit the login attempts
- Captcha Verification Implementation
Conclusion :-
The main aim of this article is to show that if any NON-IT personal uses this template,he will fall into this vulnerability and his companies reputation can
be lost too. But I also hope that it helps to give you ideas of how combining attacks can make them much more potent.