===================
"Cross-Site Request Forgery (CSRF) protection bypass" (CWE-352) vulnerability
in "KonaKart Storefront Application" Enterprise Java eCommerce product
Vendor
===================
DS Data Systems (UK) Ltd.
Product
===================
"KonaKart is an affordable java based shopping cart software solution for online retailers.
Let KonaKart help increase your eCommerce sales."
- source: http://www.konakart.com
"KonaKart is a Java eCommerce system aimed at medium to large online retailers."
- source: https://en.wikipedia.org/wiki/
Affected versions
===================
This vulnerability affects versions of KonaKart Storefront Application prior to 7.3.0.0
Patch
===================
The vendor has released a XSRF fix as part of version 7.3.0.0 at
http://www.konakart.com/
Reported by
===================
This issue was reported to the vendor by Christian Schneider (@cschneider4711)
following a responsible disclosure process.
Severity
===================
Medium
Description
===================
The existing CSRF protection token was checked for every POST request
properly. When modifying the request from POST method to GET method
all state-changing actions worked as well, but the CSRF token protection
was no longer enforced, allowing CSRF attacks.
Escalation potential
====================
Exploitation demonstration was responsibly provided along with the vulnerability
report to the vendor, which changed a victim's mail address (using the CSRF
protection bypass) to an attacker-supplied mail address, allowing a successful
reset of victim's account password by the attacker.
Timeline
===================
2014-05-02 Vulnerability discovered
2014-05-02 Vulnerability responsibly reported to vendor
2014-05-02 Reply from vendor acknowledging report
2014-??-?? Vendor released patch as part of version 7.3.0.0
2014-09-20 Advisory published via BugTraq
References
===================
http://www.konakart.com/
http://www.christian-
Komentarų nėra:
Rašyti komentarą