View Issue Details

ID: 0006045
Project: OXID eShop (all versions)
Category: 4.04. Security
View Status: public
Last Update: 2016-01-27 09:32
Reporter: keywan.ghadami
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 4.9.3 / 5.2.3
Target Version:
Fixed in Version: 4.8.10 / 5.1.10
Summary: 0006045: Captcha can be solved by decrypting GET parameters if config key is not changed
Description: Config key should be changed for each Shop installation. However, sometimes clients leave it unchanged. In such a case the captcha can be solved by decrypting GET parameters.

0-day exploit:
https://www.youtube.com/watch?v=4pFAZq8DuSc
Tags: No tags attached.
Theme: Azure
Browser: All
PHP Version: Not defined
MySQL Version: Not defined

Activities

There are no notes attached to this issue.