CVE-2024-53476 PoC — SimplCommerce 安全漏洞

Source

https://github.com/AbdullahAlmutawa/CVE-2024-53476

Associated Vulnerability

Title:SimplCommerce 安全漏洞 (CVE-2024-53476)
Description:SimplCommerce是SimplCommerce开源的一个基于 .NET 构建的简单、跨平台、模块化电子商务系统。 SimplCommerce存在安全漏洞。攻击者利用该漏洞可以绕过库存限制，从多个账户同时提交同一产品的购买请求。

Description

SimplCommerce is affected by a race condition vulnerability in the checkout logic, allowing multiple users to purchase more products than are in stock via simultaneous checkout requests.

Readme

# CVE-2024-53476
SimplCommerce is affected by a race condition vulnerability in the checkout logic, allowing multiple users to purchase more products than are in stock via simultaneous checkout requests.

# Detection Method
An attacker can detect this vulnerability by attempting to purchase a product at almost the same time with limited stock (stock = 1) using two accounts. If both accounts successfully purchase the product, it confirms the presence of a race condition. This can be done using custom scripts or Burp Suite turbo intruder to send concurrent checkout requests.

# Tested on
230310c8d7a0408569b292c5a805c459d47a1d8f commit

#Links
https://www.simplcommerce.com/

https://github.com/simplcommerce/SimplCommerce

# Disclosure Timeline

# Credits
Abdullah Almutawa

File Snapshot


 [4.0K]  /data/pocs/314fdc6c27528bf1f0b16393d84490922141a438
└── [ 780]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!