Reporter Christian Schneider
`-----BEGIN PGP SIGNED MESSAGE-----
"Cross-Site Request Forgery (CSRF) protection bypass" (CWE-352) vulnerability
in "KonaKart Storefront Application" Enterprise Java eCommerce product
DS Data Systems (UK) Ltd.
"KonaKart is an affordable java based shopping cart software solution for online retailers.
Let KonaKart help increase your eCommerce sales."
- source: http://www.konakart.com
"KonaKart is a Java eCommerce system aimed at medium to large online retailers."
- source: https://en.wikipedia.org/wiki/KonaKart
This vulnerability affects versions of KonaKart Storefront Application prior to 18.104.22.168
The vendor has released a XSRF fix as part of version 22.214.171.124 at
This issue was reported to the vendor by Christian Schneider (@cschneider4711)
following a responsible disclosure process.
The existing CSRF protection token was checked for every POST request
properly. When modifying the request from POST method to GET method
all state-changing actions worked as well, but the CSRF token protection
was no longer enforced, allowing CSRF attacks.
Exploitation demonstration was responsibly provided along with the vulnerability
report to the vendor, which changed a victim's mail address (using the CSRF
protection bypass) to an attacker-supplied mail address, allowing a successful
reset of victim's account password by the attacker.
2014-05-02 Vulnerability discovered
2014-05-02 Vulnerability responsibly reported to vendor
2014-05-02 Reply from vendor acknowledging report
2014-??-?? Vendor released patch as part of version 126.96.36.199
2014-09-20 Advisory published via BugTraq
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
-----END PGP SIGNATURE-----