Code-Projects E-Commerce Site Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in Code-Projects E-Commerce Site version 1.0. The issue arises in the 'cart_add.php' file, where the application fails to validate CSRF tokens in sensitive POST requests. This lack of validation allows attackers to forge requests that are indistinguishable from legitimate ones, potentially leading to unauthorized actions such as adding items to a user's shopping cart, manipulating order quantities, and controlling order placements.

Impact

Exploitation of this vulnerability allows for unauthorized manipulation of a user's shopping cart, including adding items, changing quantities, and placing orders without the user's consent.

Reproduction

To reproduce this vulnerability, an attacker can create a malicious webpage that automatically submits a form to the vulnerable 'cart_add.php' endpoint. The form must include the product ID and a manipulated quantity, such as an excessively high number. When an authenticated user visits the page, the forged request is sent without their knowledge, exploiting the absence of CSRF token validation.

Remediation

It is recommended to implement CSRF token validation for all sensitive user actions. Additionally, requests should be rejected if they do not contain valid Referer or Origin headers. Input validation for parameters like product ID and quantity is also advised.
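The remediation above, worked through as an added example (not the project's own code): a cart_add.php-style handler that issues a per-session token, checks it with a constant-time compare, additionally requires a matching Origin or Referer host, and validates the product id and quantity. It assumes PHP 7.2 or later, a started session, and that the actual cart update lives elsewhere in the application.

```php
<?php
// Added example, not the project's own code: a CSRF-protected cart_add.php-style handler.
// Assumes PHP 7.2+, a started session, and that the actual cart update is done elsewhere.
session_start();
// Issue one random token per session; every state-changing form carries it as a hidden field.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}
// Primary control: the submitted token must equal the session token (constant-time compare).
function csrf_valid(array $post, array $session): bool {
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}
// Defence in depth: Origin (or, failing that, Referer) must name our own host; an absent header is rejected.
function same_origin(array $server, string $own_host): bool {
    $src = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $src_host = $src === '' ? '' : (string) parse_url($src, PHP_URL_HOST);
    return $src_host !== '' && strcasecmp($src_host, $own_host) === 0;
}
// Input validation: product id is a positive integer, quantity is bounded (blocks the "excessive quantity" case).
function valid_cart_input(array $post, int $max_qty = 99): ?array {
    $pid = filter_var($post['product_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $qty = filter_var($post['quantity'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1, 'max_range' => $max_qty]]);
    return ($pid === false || $qty === false) ? null : ['product_id' => $pid, 'quantity' => $qty];
}
$own_host = (string) strtok($_SERVER['HTTP_HOST'] ?? '', ':');   // own host name without port
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_valid($_POST, $_SESSION) || !same_origin($_SERVER, $own_host)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token or origin.');
    }
    $input = valid_cart_input($_POST);
    if ($input === null) {
        http_response_code(400);
        exit('Invalid product id or quantity.');
    }
    // ... application-specific: add $input['product_id'] x $input['quantity'] to the cart ...
} else {
    // GET: render the form with the hidden token so legitimate submissions pass csrf_valid().
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    echo '<form method="post" action="cart_add.php">'
       . '<input type="hidden" name="csrf_token" value="' . $token . '">'
       . '<input name="product_id" value="1"> <input name="quantity" value="1"> <button>Add to cart</button></form>';
}
```

A forged cross-site POST cannot carry the session-bound token and will also fail the Origin/Referer check, so it is refused with 403 before any cart change; the quantity bound is a separate defence in case the token check is ever bypassed.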

Added: Jul 17, 2025, 9:22 PM
Updated: Jul 17, 2025, 9:22 PM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:         0.6
exploitability: 7.7
remediation:    0.0
relevance:      0.3
threat:         6.4
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.