# Exploit Title: OpenCart CMS v4.0.2.2 Login Vulnerability # Date: 5-9-2023 # Category: Web Application [CMS] # Exploit Author: Rajdip Dey Sarkar # Version: 4.0.2.2 # Tested on: Windows/Kali # CVE: CVE-2023-40834 Description: ---------------- OpenCart CMS version 4.0.2.2 is susceptible to login brute-force attacks, where attackers can repeatedly try to guess login credentials without any protective mechanisms in place. Vulnerable Parameter: ----------------------- `Password` Steps to reproduce: --------------------- > Initial Login Attempt: An attacker visits the login page ` http://localhost/opencart-4.0.2.2/index.php?route=account/login&language=en-gb` <http://localhost/opencart-4.0.2.2/index.php?route=account/login&language=en-gb> and enters a valid username along with an incorrect password to trigger an authentication attempt. > Request Capture: The attacker intercepts the HTTP request sent to the server during the failed login attempt using tools like proxy servers. This captured request contains the authentication details. > Request Modification: The attacker uses a tool like "Intruder" to automate the process of submitting multiple password variations. They modify the captured request to include different passwords, including the correct one, to be used in the brute force attack. > Brute Force Attack: The attacker launches the brute force attack by sending the modified requests with different password combinations to the server. They analyze the responses to identify differences in response lengths or messages that reveal the correct password, account lockout information, or other vulnerabilities.