# Exploit Title: OpenCart CMS v220.127.116.11 Login Vulnerability
# Date: 5-9-2023
# Category: Web Application [CMS]
# Exploit Author: Rajdip Dey Sarkar
# Version: 18.104.22.168
# Tested on: Windows/Kali
# CVE: CVE-2023-40834
OpenCart CMS version 22.214.171.124 is susceptible to login brute-force attacks,
where attackers can repeatedly try to guess login credentials without any
protective mechanisms in place.
Steps to reproduce:
> Initial Login Attempt: An attacker visits the login page `
enters a valid username along with an incorrect password to trigger an
> Request Capture: The attacker intercepts the HTTP request sent to the
server during the failed login attempt using tools like proxy servers. This
captured request contains the authentication details.
> Request Modification: The attacker uses a tool like "Intruder" to
automate the process of submitting multiple password variations. They
modify the captured request to include different passwords, including the
correct one, to be used in the brute force attack.
> Brute Force Attack: The attacker launches the brute force attack by
sending the modified requests with different password combinations to the
server. They analyze the responses to identify differences in response
lengths or messages that reveal the correct password, account lockout
information, or other vulnerabilities.