Cross-Site Request Forgery (CSRF) in i-love-flamingo/flamingo-commerce
Valid
Oct 8th 2021
CSRF in cart-related endpoints. This includes:
- Adding items to cart
- Clean cart
- Delete item from cart
- Update cart
This happens because the system uses GET requests for these actions, which allows CSRF attacks.
Proof of Concept
- Access this link in a browser: https://demoshop.flamingo.me/en/cart/add/awesome-retailer_1089254?qty=100&deliveryCode=pickup_store and see that 100 products have been added to your cart.
- Access this link: https://demoshop.flamingo.me/en/cart/clean and see that your cart is emptied.
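One way to close this class of bug, as an added example in Go that is not flamingo-commerce's own code: cart-changing routes accept only POST and require a token bound to the session. The `session` cookie name, the `X-CSRF-Token` header, the key and the test request are assumptions constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
)

var csrfKey = []byte("constructed-demo-key") // constructed; load a random key in practice

// csrfToken binds the token to the session ID so it cannot be replayed in another session.
func csrfToken(sessionID string) string {
	mac := hmac.New(sha256.New, csrfKey)
	mac.Write([]byte(sessionID))
	return hex.EncodeToString(mac.Sum(nil))
}

// guardCart rejects cart mutations that are not POST or lack a valid session-bound token.
func guardCart(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost { // GET must never change the cart
			http.Error(w, "cart changes require POST", http.StatusMethodNotAllowed)
			return
		}
		c, err := r.Cookie("session") // hypothetical cookie and header names
		if err != nil || !hmac.Equal([]byte(r.Header.Get("X-CSRF-Token")), []byte(csrfToken(c.Value))) {
			http.Error(w, "invalid CSRF token", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// tryRequest sends one constructed request to a guarded cart route and returns the status code.
func tryRequest(method, token string) int {
	h := guardCart(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusNoContent) // stands in for emptying the cart
	}))
	req := httptest.NewRequest(method, "/en/cart/clean", nil)
	req.AddCookie(&http.Cookie{Name: "session", Value: "sess-123"})
	req.Header.Set("X-CSRF-Token", token)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(tryRequest("GET", ""), tryRequest("POST", ""), tryRequest("POST", csrfToken("sess-123"))) }
```

A link or image tag on another site can only trigger the GET case, which the guard answers with 405; a cross-site form POST still fails because the page cannot supply the session-bound token.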