Vendor: tell a friend
By: Nicolas Krassas
CVSS: N/A
CWE: 287 (Authentication Bypass)
Product Name: tell a friend
Affected Version From: $Id: tell_a_friend.php,v 1.1.1.1 2008/06/29 23:38:03
Affected Version To: $Id: tell_a_friend.php,v 1.1.1.1 2008/06/29 23:38:03
Patch Exists: Unknown
Related CWE: None
CPE: None
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2010
OsCommerce/Creloaded tell a friend authentication bypass
When /tell_a_friend.php is called directly, the user is redirected to /product_info.php?products_id=0, where an access denied message is displayed. By supplying a valid product id (e.g. /tell_a_friend.php?action=process&products_id=[Product_id]), however, a guest user can bypass this restriction and send unsolicited mail through the system.
Mitigation:
Ensure that authentication is enforced for every request to the tell_a_friend.php page, including requests that supply a valid products_id, rather than relying on the redirect that only triggers when the product id is missing.