Huge Security Flaw Found !

I found a Huge Security Flaw In it today !



I have myself and my wife both setup as admins …



she used the refer a friend feature on a product and sent it to my email address

to see how it worked …



when i got the email i clicked the link and it showed me the product…

however when i when i added it to my cart and went to checkout i noticed that i was now logged in as her .



i have never logged in as her on this system . and she has never used this system.



then we noticed …



that when i logged into the admin it was loging me in as her in the admin panel …

then when she would login it would kick me off…



tried deleteing cookies still no help



removed the cache from server still no help .



I had to delete her username completly and recreate

before they would stop confusing each other …



it seems that the link sent in my email has her

session id in the email…





this is huge …

Waiting for someone to confirm this huge thing!

[quote name=‘joe’]Waiting for someone to confirm this huge thing![/QUOTE]



Why wait? Try it yourself. No, I haven’t confirmed/tried it.

[quote name=‘Tool Outfitters’]Why wait? Try it yourself. No, I haven’t confirmed/tried it.[/QUOTE]

I don’t have so many computers, thanks…

This is no bug.



Your wife and you have admin account but both use one pc i guess?



I was loggen in, sent a “send to friend” and this is what system sends



Domain.com





There is absolutly nothing that can help you login unless you did not logout from last time.

Same here…no session information sent.



Bob

[quote name=‘joe’]I don’t have so many computers, thanks…[/QUOTE]

You don’t need a second computer, you can use a second browser since cookies and such are not shared between them.



Bob

we do not use the same computer …

she has never used my system …



also i sent a item using send to friend and my brother

which is 20 miles away



was able to checkout using my userid instead of his





the refer a friend links are formatted like so …


/index.php?dispatch=products.view&product_id=xxxxxx&cs_sessid=dfd5d51ef7279e070a1010ef00d19ede

I am not sure why you are having this problem as I do not. Below is email that I receive from the "Send to friend"option:


Hello Test for session ID,

Your friend has recommended this page to you. Please follow the link:
http://XXXXXXXXXX/XXXXXXX/index.php?dispatch=products.view&product_id=817

Notes:
100% Cotton Adult/Youth Beefy T-Shirt by Hanes (Style# 5180)
Thank you for using our shopping cart.




What version of CS-Cart? Have you made any mods?



Bob

[quote name=‘teksigns’]we do not use the same computer …

she has never used my system …



also i sent a item using send to friend and my brother

which is 20 miles away



was able to checkout using my userid instead of his





the refer a friend links are formatted like so …


/index.php?dispatch=products.view&product_id=xxxxxx&cs_sessid=dfd5d51ef7279e070a1010ef00d19ede[/QUOTE]



This is a huge problem then!



Here I complained also about similar problem

[url]http://forum.cs-cart.com/showthread.php?t=11444[/url]

[quote name=‘jobosales’]I am not sure why you are having this problem as I do not. Below is email that I receive from the "Send to friend"option:


Hello Test for session ID,

Your friend has recommended this page to you. Please follow the link:
http://XXXXXXXXXX/XXXXXXX/index.php?dispatch=products.view&product_id=817

Notes:
100% Cotton Adult/Youth Beefy T-Shirt by Hanes (Style# 5180)
Thank you for using our shopping cart.




What version of CS-Cart? Have you made any mods?



Bob[/QUOTE]



Do you have all 3 SSL checkboxes on in admin settings?

I couldn’t duplicate this problem either.

[quote name=‘Darius’]Do you have all 3 SSL checkboxes on in admin settings?[/QUOTE]

No - this is just a testing site with no SSL certificate for the site. That explains the difference.



This is a serious issue so I hope the developers address it quickly.



Bob

yes all three are checked