Script and Tools | eCommerce 3.0 | admin/product-delete.php - CSRF

Hi All, 


I am Maloy Roy Orko


Recently, in one of my pentest research projects, I found an e-commerce system by Script And Tools, which is open source e-commerce software.

Curious to explore its functionalities, I downloaded and set it up in my local system. 

After fiddling with the source code, I found that the /admin/product-delete.php file is vulnerable to Cross-Site Request Forgery (CSRF).

It can lead to:

  • Unauthorized Actions  
  • Data Manipulation
  • Account Takeover  
  • Financial Loss
  • Compliance Violations  
  • Increased Attack Surface 

The main thing is, if any non-IT person uses this template, he will fall into this vulnerability and his company's reputation can be lost too.

That's why I am trying to inform everyone about this.

Title of the Vulnerability: 

Script and Tools | eCommerce 3.0 | admin/product-delete.php - CSRF

Vulnerability Class: Cross-Site Request Forgery (CSRF)

Product Name: eCommerce 3.0 

Vendor: https://github.com/scriptandtools/

Vulnerable Product Link: https://github.com/scriptandtools/eCommerce-website-in-PHP

Technical Details & Description: 

The application source code is written in a way that allows Cross-Site Request Forgery (CSRF).

Product & product Introduction: 

eCommerce-3.0

Observation & Exploitation: 

Here, the vulnerable file is:

/admin/product-delete.php

Who will be affected by this attack?

-> The admin, because hackers will be able to delete the product data to make the chatbot unavailable!

That product data is basically used for the chatbot AI of this e-commerce application!

So the chatbot of the website and the support system may face serious loss in providing help and answering customers, and the product data will also not be shown on the website! So they will definitely face a loss!

Thus the admin will lose the product data!

Let's Exploit: (Reproduction)

Just see this link:

http://192.168.0.102:8080/ecomm/admin/product-delete.php?id=1

Here you can see that the id is 1.

This means that if you give id 3 in this parameter, the /admin/product-delete.php file will delete the product data that has been assigned id 3.

So, let's check it:

http://192.168.0.102:8080/ecomm/admin/product-delete.php?id=1

For id 1, there is a product!

Check the screenshot!



So, visit that vulnerable URL while you are logged in as an admin!

The CSRF-vulnerable URL to delete product 1:

http://192.168.0.102:8080/ecomm/admin/product-delete.php?id=1

After visiting it, the product has been deleted and can't be seen now!



That means a CSRF vulnerability exists here!

That's how hackers can delete all products just by changing the values!

Thus, it works and the vulnerability has been found!


Prevention Strategies:

  • Implement CSRF Token
  • Ensure The Working Of CSRF Token
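
One way to implement both points for a delete endpoint like this one, as an added example that is not the project's own code. The session key csrf_token, the form field names, and the database DSN, credentials, table and column names are assumptions, and the application's existing admin login check is assumed to run first.

```php
<?php
// Added example: hypothetical hardened delete handler, not the project's code.
session_start();

// Per-session token. The admin page emits it in each delete form, e.g.:
//   echo '<input type="hidden" name="csrf_token" value="'
//        . htmlspecialchars(csrf_token()) . '">';
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time check; rejects missing, non-string (array) or stale tokens.
function csrf_token_is_valid($submitted): bool
{
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// 1. Deleting is a state change, so refuse GET: a GET URL can be triggered
//    by any link or image tag on another site.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('Method Not Allowed');
}

// 2. Require a valid token before touching the database.
if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    exit('Invalid CSRF token');
}

// 3. Accept only a positive integer id.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
if (!is_int($id)) {
    http_response_code(400);
    exit('Invalid product id');
}

// 4. Placeholder DSN, credentials, table and column names (assumptions).
$pdo = new PDO('mysql:host=localhost;dbname=DB_NAME', 'DB_USER', 'DB_PASS');
$stmt = $pdo->prepare('DELETE FROM products WHERE id = ?');
$stmt->execute([$id]);
```

To confirm the token is working, repeat the request without the csrf_token field, or with a wrong value, and check that the response is 403 and the product is still present.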

Conclusion:

The main aim of this article is to show that if any non-IT person uses this template, he will fall into this vulnerability and his company's reputation can be lost too. But I also hope that it helps to give you ideas of how combining attacks can make them much more dangerous.
