| عنوان | Script and Tools eCommerce-3.0 3.0 No Limit To Authentication Attempts To Admin Login |
|---|
| الوصف | Title of the Vulnerability:
Script and Tools | eCommerce 3.0 | admin/login.php - No Limit To Authentication Attempts To Admin Login
Vulnerability Class: CWE-307: Improper Restriction of Excessive Authentication Attempts
Product Name: eCommerce 3.0
Vendor: https://github.com/scriptandtools/
Vulnerable Product Link: https://github.com/scriptandtools/eCommerce-website-in-PHP
Technical Details & Description:
The application source code is coded in a way which allows : CWE-307: Improper Restriction of Excessive Authentication Attempts.
Product & Service Introduction:
eCommerce-3.0
Observation & Exploitation:
Here,The Vulnerable File Is: admin/login.php
Who will be affected of this attack?
->The Admin! Because Hackers will be able to access and modify user accounts and see even modify their orders and their verification informations and change the destination of ordered items and even delete any running order users and this will lead to a Market Crash.
Lets Exploit ????????️????:
First,Go To admin/login.php
You can try for some random passwords for a user email!
You will see that there are no limits even you input 2000 wrong passwords!
But no need to try this ammount of passwords mannually!
Just use my coded tool for this job!
Tool Link:
https://github.com/Maloyroyorko/eCommerce-3.0-admin-bruter |
|---|
| المصدر | ⚠️ https://www.websecurityinsights.my.id/2025/04/script-and-tools-ecommerce-30.html |
|---|
| المستخدم | MaloyRoyOrko (UID 79572) |
|---|
| ارسال | 02/04/2025 08:36 AM (1 سنة منذ) |
|---|
| الاعتدال | 14/04/2025 12:30 AM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 304597 [ScriptAndTools eCommerce-website-in-PHP 3.0 /admin/login.php الكشف عن المعلومات] |
|---|
| النقاط | 20 |
|---|