Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Session IDs in URL vulnerability Rate Topic   - - - - -

  • yesjapan
  • Junior Member
  • Members
  • Join Date: 09-Nov 08
  • 12 posts

Posted 09 November 2008 - 07:10 PM #1

A user complained that he sent a URL to his friend and the friend was able to be automatically logged in to CS-CART.

The URL sent contained the session id.
I confirmed this security issue by logging in with FireFox and then pasting the URL on an unrelated computer with all cookies cleared.

I was able to change passwords, order, and basically run the account as if I had logged in.

Is there a way to disable sending session id in the URL to prevent this security issue?

JapanFiles.com / YesJapan.com

P.S. I am running CS-Cart v.1.3.5

  • yesjapan
  • Junior Member
  • Members
  • Join Date: 09-Nov 08
  • 12 posts

Posted 10 November 2008 - 05:11 AM #2

How do you turn this off?
Sorry for the bump but I am concerned.

  • pbannette
  • Senior Member
  • Members
  • Join Date: 09-Aug 07
  • 1036 posts

Posted 10 November 2008 - 11:20 AM #3

Since you have confirmed this behavior that seems undesirable, I think you should also post a bug report on this subject. You may also want to put in a help desk ticket.


Posted 11 November 2008 - 08:13 PM #4

You may want to reference the cookie exploit that was fixed 2 weeks ago, the file should be available in your file area.
I've moved on from CS-Cart to WooC******** - If you need anything I can be of little help.