CoinRemitter OpenCart Plugin SQL Injection Vulnerability

Vulnerability

A critical SQL injection vulnerability has been identified in the CoinRemitter OpenCart plugin, specifically in versions 0.0.1 and 0.0.2. The flaw lies in the handling of the 'coin' request parameter, whose value can be manipulated by a remote, unauthenticated attacker to execute arbitrary SQL commands. Exploitation can lead to unauthorized access to the database, including sensitive information such as the API credentials for CoinRemitter wallets, which could in turn be used to steal funds. The same access could be used to exfiltrate admin session details and any personally identifiable information or payment details stored in the database.

Impact

Exploitation of this vulnerability allows for arbitrary SQL injection, leading to unauthorized database access and manipulation. This includes the ability to exfiltrate admin credentials, session details, and sensitive customer information such as payment details and personally identifiable information. Furthermore, the vulnerability allows for the retrieval of CoinRemitter wallet API credentials, including unencrypted passwords, due to hard-coded encryption details that are publicly accessible.

Reproduction

The vulnerability can be reproduced by sending an unauthenticated POST request to the OpenCart site with the CoinRemitter module installed. The 'coin' parameter can be manipulated to include SQL injection payloads that exploit the vulnerability. This can be done using tools like curl or sqlmap. After successful exploitation, the injected SQL payload can be used to extract sensitive information from the database, such as admin credentials or CoinRemitter wallet API keys.
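The two points above (a request parameter reaching SQL text unchecked, and the value of watching that parameter in traffic) can be shown side by side. The following Python is an added illustration, not the plugin's code: the table name, the route placeholder, the allowlist pattern for coin codes and the request-log format are all assumptions, since the advisory does not publish the plugin's internals. It contrasts an unsafe query built by concatenation with a validated, parameterized lookup, and runs the same allowlist over constructed request-log lines to flag values of `coin` that should never appear in legitimate traffic.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Assumed allowlist for the `coin` parameter: short upper-case ticker codes.
# The real plugin's accepted values are not stated on the advisory page.
COIN_PATTERN = re.compile(r"^[A-Z0-9]{2,10}$")


def build_query_unsafe(coin: str) -> str:
    """Illustrative vulnerable pattern (hypothetical, not the plugin's code):
    the request value is concatenated straight into SQL text, so any quote or
    operator inside it becomes part of the statement."""
    return "SELECT code, enabled FROM coinremitter_coins WHERE code = '" + coin + "'"


def is_valid_coin(coin: str) -> bool:
    """Allowlist check: only plain ticker codes are acceptable."""
    return COIN_PATTERN.fullmatch(coin) is not None


def lookup_coin_safe(conn: sqlite3.Connection, coin: str):
    """Hardened form: reject anything outside the allowlist, then bind the
    value as a parameter so the database never parses it as SQL."""
    if not is_valid_coin(coin):
        raise ValueError("coin parameter rejected: %r" % coin)
    cur = conn.execute(
        "SELECT code, enabled FROM coinremitter_coins WHERE code = ?", (coin,)
    )
    return cur.fetchone()


def make_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE coinremitter_coins (code TEXT PRIMARY KEY, enabled INTEGER)")
    conn.executemany(
        "INSERT INTO coinremitter_coins VALUES (?, ?)", [("BTC", 1), ("LTC", 0)]
    )
    conn.commit()
    return conn


# Constructed request log, format "<client> <method> <path> <urlencoded body>".
# Addresses are documentation ranges; the route is a placeholder, not the real one.
SAMPLE_REQUESTS = [
    "203.0.113.5 POST /index.php?route=plugin-route-placeholder coin=BTC",
    "203.0.113.7 POST /index.php?route=plugin-route-placeholder coin=BTC%27",
    "198.51.100.2 GET /index.php?route=common/home -",
]


def flag_suspicious_coin_requests(lines):
    """Return (client, value) for every POST whose `coin` value fails the
    allowlist; a single stray quote is enough to be worth an alert."""
    flagged = []
    for line in lines:
        parts = line.split(" ", 3)
        if len(parts) < 4:
            continue
        client, method, _path, body = parts
        if method != "POST":
            continue
        params = parse_qs(body, keep_blank_values=True)
        for value in params.get("coin", []):
            if not is_valid_coin(value):
                flagged.append((client, value))
    return flagged


if __name__ == "__main__":
    db = make_demo_db()
    print("unsafe SQL text:", build_query_unsafe("BTC'"))
    print("safe lookup:", lookup_coin_safe(db, "BTC"))
    print("flagged:", flag_suspicious_coin_requests(SAMPLE_REQUESTS))
```

The allowlist does the real work on both sides: the query layer refuses a malformed value before it is bound, and the same pattern applied to logs surfaces attempts without needing signatures for particular payloads. Parameter binding alone would already stop the injection; the validation step is what gives you a detection signal as well.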

Remediation

Users are advised to upgrade to CoinRemitter version 0.0.3, which addresses this vulnerability. The latest version can be downloaded from the CoinRemitter GitHub repository.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating (Custom Algorithm)

Category         Score
spread           0.0
impact           2.5
exploitability   8.7
remediation      7.7
relevance        0.0
threat           6.4
urgency          2.9
incentive        5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.