http://linsux.org/forum/index.php?/topi ... disclosure
rand(0, 15) is still in the latest code
Development of custom modules and features.
OpenCart payment gateways: CECA, Servired, Pasat 4B, BBVA
Installation and sale of modules and payment gateways: 4B, CECA, BBVA, Caja Rural, Cofidis, Servired
Experts in osCommerce, ZenCart, VirtueMart, PrestaShop, OpenCart and Magento
/admin/controller/common/login.php
$this->session->data['token'] = md5(rand(0,15));
$this->session->data['token'] = md5(mt_rand());
$this->session->data['token'] = md5(rand());
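As an added example (not code from the original post or from OpenCart itself), the quoted weak generator next to a CSPRNG-based replacement and a constant-time check; it assumes PHP 7.0 or later for random_bytes() and hash_equals():

```php
<?php
// Added example, not OpenCart's own code. Contrasts the token line quoted
// from admin/controller/common/login.php with a CSPRNG-based replacement.
// Assumes PHP >= 7.0 for random_bytes() and hash_equals().

// Weak generator as quoted above: rand(0, 15) has only 16 possible outputs,
// so md5() of it can yield at most 16 distinct tokens.
function weakToken(): string
{
    return md5(rand(0, 15));
}

// Count how many distinct tokens the weak generator can ever produce.
function weakTokenSpace(): int
{
    $seen = [];
    for ($i = 0; $i <= 15; $i++) {
        $seen[md5((string) $i)] = true;
    }
    return count($seen); // 16
}

// Hardened generator: 128 bits from the OS CSPRNG, hex-encoded (32 chars).
// No seeding is needed or possible; random_bytes() is not a PRNG you seed.
function secureToken(): string
{
    return bin2hex(random_bytes(16));
}

// Compare a submitted token with the session value in constant time.
function tokenMatches(string $sessionToken, string $submitted): bool
{
    return hash_equals($sessionToken, $submitted);
}

// Usage sketch mirroring the controller's session assignment
// ($session stands in for $this->session->data).
$session = ['token' => secureToken()];
printf("weak generator: at most %d distinct tokens\n", weakTokenSpace());
printf("session token: %s\n", $session['token']);
var_dump(tokenMatches($session['token'], $session['token']));   // bool(true)
var_dump(tokenMatches($session['token'], weakToken()));         // bool(false)
```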
Norman in 't Veldt
Moderator OpenCart Forums
_________________ READ and Search BEFORE POSTING _________________
Our FREE search: Find your answer FAST!
[How to] BTW + Verzend + betaal setup.
I understand the writer of that article not wanting to contact the OpenCart team, but it would have been nice of him to at least make a post in the forums. Especially when he's giving a working exploit that affects actual users. Seems kind of childish.
Something else I use to help protect against the CSRF exploit (as well as it just being really useful) is a Site Specific Browser (SSB). Someone correct me on this, but since everything related to your admin login is contained within the SSB, no one could execute the exploit unless someone visited a site outside your SSB (which defeats the purpose of using it). If you're using Mac OS X, there's Fluid, and I think Chrome on Windows and Linux will do it through "Create Application Shortcut," although I'm not sure if Chrome shares session information across the whole application or not.
You guys are great!
HTMLCSSNoob wrote: Thank you everyone for bringing this to us merchants' attention. It's comforting to know that any security issue, no matter how small, is addressed and a fix is provided for the community.
You guys are great!
One more reason to have a warning system in the next version of OC that will show a message in the BO when something like this happens.
Norman in 't Veldt
Moderator OpenCart Forums
Johnathan wrote: Something else I use to help protect against the CSRF exploit (as well as it just being really useful) is to use a Site Specific Browser (SSB).
Take a closer look at Bubbles and their developers section on how to use their SSB.
For model cars see my OC 3.0.2.0 shop: http://www.gbcars.nl/
For Wooden Toys see my 2.3.0.2 shop: https://www.dehoutentreinenwinkel.nl/
But maybe it should be seeded with time()
mt_srand(time());
$token = mt_rand();