Headline
OpenCart CMS 4.0.2.2 Brute Force
OpenCart CMS version 4.0.2.2 suffers from a login brute forcing vulnerability.
# Exploit Title: OpenCart CMS v4.0.2.2 Login Vulnerability# Date: 5-9-2023# Category: Web Application [CMS]# Exploit Author: Rajdip Dey Sarkar# Version: 4.0.2.2# Tested on: Windows/Kali# CVE: CVE-2023-40834Description:----------------OpenCart CMS version 4.0.2.2 is susceptible to login brute-force attacks,where attackers can repeatedly try to guess login credentials without anyprotective mechanisms in place.Vulnerable Parameter:-----------------------`Password`Steps to reproduce:---------------------> Initial Login Attempt: An attacker visits the login page `http://localhost/opencart-4.0.2.2/index.php?route=account/login&language=en-gb`<http://localhost/opencart-4.0.2.2/index.php?route=account/login&language=en-gb>andenters a valid username along with an incorrect password to trigger anauthentication attempt.> Request Capture: The attacker intercepts the HTTP request sent to theserver during the failed login attempt using tools like proxy servers. Thiscaptured request contains the authentication details.> Request Modification: The attacker uses a tool like "Intruder" toautomate the process of submitting multiple password variations. Theymodify the captured request to include different passwords, including thecorrect one, to be used in the brute force attack.> Brute Force Attack: The attacker launches the brute force attack bysending the modified requests with different password combinations to theserver. They analyze the responses to identify differences in responselengths or messages that reveal the correct password, account lockoutinformation, or other vulnerabilities.
Related news
CVE-2023-40834: OpenCart CMS 4.0.2.2 Brute Force ≈ Packet Storm
OpenCart v4.0.2.2 is vulnerable to Brute Force Attack.