OpenCart CMS Brute Force

Risk: Low
Local: No
Remote: Yes

# Exploit Title: OpenCart CMS v4.0.2.2 Login Vulnerability # Date: 5-9-2023 # Category: Web Application [CMS] # Exploit Author: Rajdip Dey Sarkar # Version: # Tested on: Windows/Kali # CVE: CVE-2023-40834 Description: ---------------- OpenCart CMS version is susceptible to login brute-force attacks, where attackers can repeatedly try to guess login credentials without any protective mechanisms in place. Vulnerable Parameter: ----------------------- `Password` Steps to reproduce: --------------------- > Initial Login Attempt: An attacker visits the login page ` http://localhost/opencart-` <http://localhost/opencart-> and enters a valid username along with an incorrect password to trigger an authentication attempt. > Request Capture: The attacker intercepts the HTTP request sent to the server during the failed login attempt using tools like proxy servers. This captured request contains the authentication details. > Request Modification: The attacker uses a tool like "Intruder" to automate the process of submitting multiple password variations. They modify the captured request to include different passwords, including the correct one, to be used in the brute force attack. > Brute Force Attack: The attacker launches the brute force attack by sending the modified requests with different password combinations to the server. They analyze the responses to identify differences in response lengths or messages that reveal the correct password, account lockout information, or other vulnerabilities.

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2023,


Back to Top