# Exploit Title: OpenCart CMS v4.0.2.2 Login Vulnerability
# Date: 5-9-2023
# Category: Web Application [CMS]
# Exploit Author: Rajdip Dey Sarkar
# Version: 4.0.2.2
# Tested on: Windows/Kali
# CVE: CVE-2023-40834



Description:
----------------
OpenCart CMS version 4.0.2.2 is susceptible to login brute-force attacks,
where attackers can repeatedly try to guess login credentials without any
protective mechanisms in place.


Vulnerable Parameter:
-----------------------
`Password`


Steps to reproduce:
---------------------
> Initial Login Attempt: An attacker visits the login page `
http://localhost/opencart-4.0.2.2/index.php?route=account/login&language=en-gb`
<http://localhost/opencart-4.0.2.2/index.php?route=account/login&language=en-gb>
and
enters a valid username along with an incorrect password to trigger an
authentication attempt.

> Request Capture: The attacker intercepts the HTTP request sent to the
server during the failed login attempt using tools like proxy servers. This
captured request contains the authentication details.

> Request Modification: The attacker uses a tool like "Intruder" to
automate the process of submitting multiple password variations. They
modify the captured request to include different passwords, including the
correct one, to be used in the brute force attack.

> Brute Force Attack: The attacker launches the brute force attack by
sending the modified requests with different password combinations to the
server. They analyze the responses to identify differences in response
lengths or messages that reveal the correct password, account lockout
information, or other vulnerabilities.