vendor:
Quick.Cart and Quick.CMS
by:
Alice Kaerast
6.8
CVSS
MEDIUM
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: Quick.Cart and Quick.CMS
Affected Version From: Quick.Cart 3.4
Affected Version To: Quick.CMS 2.4
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
CSRF Vulnerability in Quick.Cart and Quick.CMS
There is a CSRF vulnerability in the delete functions of Quick.Cart and Quick.CMS. Deleting products, pages and orders is done through an HTTP GET function which although checked using javascript can be bypassed. An attacker creates an html page which calls a delete function using an img or iframe: <img src="http://server/Quick.Cart/admin.php?p=orders-delete&iOrder=2"; /> <iframe src="http://server/Quick.CMS/admin.php?p=p-delete&iPage=1";></iframe> The administrator of the vulnerable site then needs to visit this html page whilst logged into his/her site.
Mitigation:
The site administrator needs to be logged into the site and visit the attacker-owned html page. If a site administrator never surfs the internet whilst logged into his/her website then they are safe.