To make this work, you need the session cookie of an admin, or be able to set the cookie on an admin’s computer. This “attack” works against almost any website, including Lemmy. In fact, the requirement for the URL token makes OpenCart more secure than 90% of websites out there.
He sure didn’t respond professionally, but if this is the kind of “security vulnerabilities” he has to deal with every day, I totally understand.
There are bigger OpenCart issues that do warrant a better response, of course.
Nah, I’m with this dev on this one.
To make this work, you need the session cookie of an admin, or be able to set the cookie on an admin’s computer. This “attack” works against almost any website, including Lemmy. In fact, the requirement for the URL token makes OpenCart more secure than 90% of websites out there.
He sure didn’t respond professionally, but if this is the kind of “security vulnerabilities” he has to deal with every day, I totally understand.
There are bigger OpenCart issues that do warrant a better response, of course.