OpenCart Vulnerability #5285

Closed
robinflyhigh opened this Issue Mar 16, 2017 · 10 comments

Comments

Projects
None yet
3 participants
Contributor

robinflyhigh commented Mar 16, 2017 edited

See this 5 min video @ https://vid.me/HH8k

Sorry to post as an issue but wanted immediate attention of @danielkerr

I know the attacker needs admin access to the site.

Attack SQL Query @ https://gist.github.com/robinflyhigh/4e13f7c444a3664441c150d125a18abe

robinflyhigh changed the title from OpenCart Vunerability to OpenCart Vulnerability Mar 16, 2017

Contributor

danielkerr commented Mar 17, 2017 edited

danielkerr closed this Mar 17, 2017

Contributor

robinflyhigh commented Mar 17, 2017

Reason for logging it as an issue is these type of SQL script should not be executed https://gist.github.com/robinflyhigh/4e13f7c444a3664441c150d125a18abe

Contributor

robinflyhigh commented Mar 17, 2017

And if you have admin access you cannot view server files but then these type of attack happens they can have access to site files as well.

Sorry once again for posting and wasting your precious time.

Contributor

danielkerr commented Mar 17, 2017

@robinflyhigh are u stupid!

if u have access to the admin you can download a backup of the whole db decode the all the password hases or upload a hacking mod script to the extension installer! etc..!

but no not this clown!

so this clown not only logs into his own store using the username / password admin / admin but comes up with a bullshit hack of the error log rather than uploading a extension mod which one give him full access to the files.

this guy is an idiot! hes not a a hacker!

We have several clients site got hacked by this simple attack. The key is that they have simple admin name and password like "123456 and "admin". Once hacker gets in, he will change the error.log -> error.php, and then...

We just mod the code from changing error.log extension to *.php. Many new sites get hacked by this trick, guess they should be warne.

Contributor

danielkerr commented Mar 17, 2017

i really hope that was not your video you uploaded!

Contributor

robinflyhigh commented Mar 17, 2017

Nope, that's not my video @danielkerr

Contributor

danielkerr commented Mar 17, 2017 edited

@samchen945

the user is the vulnerability if they use admin as their default login and poassword 1234.

its just the same as using a 5 character password for your web hosting! you will be hacked! very easy to get the login name from errors.

Contributor

danielkerr commented Mar 17, 2017 edited

there person who posted this video would not know php properly., hes guessing what hes doing. it will be some guy poorly educated from some 3rd world country. vietnam, india, pakistain. etc..

use some common sense these guys cant code properly. maybe cheap services but you end up unsecure, slow, spaghetti code.

the fact he posted this video shows hes a low level programmer. probably making money from post crap like this.

another point is you also not only need access to the admin but permissions to access the settings page!

just wasted 30 minutes on this because the poster could not work it out for him self.

danielkerr locked and limited conversation to collaborators Mar 17, 2017

Contributor

danielkerr commented Mar 17, 2017

also after the release of the cloud i plan to add 2 factor authentication to the admins.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.