[] NeoSense
E X P L O I T S
title author type platform port cve id

osCommerce - Authentication Bypass

Author: Nicolas Krassas
type: webapps
platform: php
port: 
date_added: 2011-02-04 
date_updated: 2011-02-04 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
This is a bug on old oscommerce / creloaded i just didn't find it in the
exploit-db database on the search.

# Exploit Title: OsCommerce/Creloaded tell a friend authentication bypass
# Date: 04/02/2010
# Author: Nicolas Krassas
# Version: $Id: tell_a_friend.php,v 1.1.1.1 2008/06/29 23:38:03
# Tested on: linux

When /tell_a_friend.php is called directly the user is redirected at
/product_info.php?products_id=0 where an access denied message is displayed.
Providing a valid product id (eg.
/tell_a_friend.php?action=process&products_id=[Product_id] ) though a guest
user can bypass the restriction and send unsolicited mails through the
system.

Regards,
Nicolas Krassas
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.