Lack Of Security (Security Issues)

Hi,

Some people have found very simple ways to hack websites based on CS-Cart (at least 4.11.4.SP3):

1. Password reset link leak to third-party websites via the Referer header - It has been identified that the application is leaking the referrer token to third-party sites. In this case it was found that the password reset token is being leaked to third-party sites, which is an issue given that it can allow any malicious user to use the token and reset the victim's password.

https://hackerone.com/reports/342693

https://hackerone.com/reports/272379

2. CS-Cart's "don't ask for the old (current) password" policy.
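For anyone who wants to audit their own store for item 1, here is an added example (not part of the original post and not CS-Cart code) that takes a reset page's URL, its `Referrer-Policy` header and its HTML, and lists the third-party hosts that would receive the full URL, token included, in the Referer header. The URL, parameter name and hosts are constructed; it assumes a missing policy is unsafe, lets a `<meta name="referrer">` tag override the header for the whole page, and ignores the HTTPS-to-HTTP downgrade case.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

KNOWN = {"no-referrer", "no-referrer-when-downgrade", "origin",
         "origin-when-cross-origin", "same-origin", "strict-origin",
         "strict-origin-when-cross-origin", "unsafe-url"}
# Policies that send the full URL (path and query, so the token) cross-origin.
FULL_URL = {"unsafe-url", "no-referrer-when-downgrade"}

def effective_policy(value):
    """Last recognised token of a Referrer-Policy value, or None."""
    tokens = [t.strip().lower() for t in (value or "").split(",")]
    known = [t for t in tokens if t in KNOWN]
    return known[-1] if known else None

class _Refs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.meta_policy = None
        self.refs = []  # (url, per-element policy or None)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "referrer":
            self.meta_policy = effective_policy(a.get("content")) or self.meta_policy
        url = a.get("src") or a.get("href")
        if url:
            rel = (a.get("rel") or "").lower().split()
            own = effective_policy(a.get("referrerpolicy"))
            self.refs.append((url, "no-referrer" if "noreferrer" in rel else own))

def leaking_hosts(page_url, header_policy, html):
    """Third-party hosts that would receive page_url (token included) as Referer."""
    p = _Refs()
    p.feed(html)
    # Assumption: a missing policy counts as unsafe; browser defaults are not trusted.
    page_policy = p.meta_policy or effective_policy(header_policy) or "unsafe-url"
    own_host = urlsplit(page_url).netloc.lower()
    hosts = set()
    for url, policy in p.refs:
        host = urlsplit(urljoin(page_url, url)).netloc.lower()
        if host and host != own_host and (policy or page_policy) in FULL_URL:
            hosts.add(host)
    return sorted(hosts)

# Constructed sample: hypothetical reset page that loads a third-party script.
SAMPLE_URL = "https://shop.example/reset?token=CONSTRUCTED_TOKEN"
SAMPLE_HTML = ('<script src="https://cdn.thirdparty.example/a.js"></script>'
               '<a href="https://social.example/s" rel="noreferrer">share</a>'
               '<img src="/logo.png">')
```

An empty list for the reset page means no third-party request from it would carry the token.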

Yeah but this is one of those things where you either are already compromised, or you are using a compromised service.

It won't explain why CS-Cart doesn't demand to show the old password before you change to the new one.