Poodle Exploit for Zencart Websites

Zencart is an open source online shopping cart management system. It is highly user friendly and reliable and comes at no cost at all. It can be described as the present and future of the ecommerce industry, since its source code can be tailored to meet various client and customer requirements. It has a unique feature by which custom payment gateways can be integrated with the system, or the inbuilt payment gateways can be used to start business from the very first day of installing the Zencart software. It also allows clients to choose any domain for their website. Due to its easy installation and ready-to-use features, Zencart stands apart from other similar systems and can be referred to as a look into the future of the ecommerce industry.

POODLE stands for "Padding Oracle on Downgraded Legacy Encryption". As the name suggests, POODLE exploits take advantage of the fallback to SSL 3.0 by Internet and security software clients. The exploitation works against a mechanism that is designed to reduce security in order to restore interoperability. Domains with high levels of fragmentation are highly vulnerable to it, and the utmost care must be taken when designing systems in such domains. POODLE always requires an attacker to carry out the attack and hence requires human intervention, which makes it less dangerous than other security bugs, but it should still be treated with the utmost attention.

Issues caused by the exploit

SSL 3.0 is around 18 years old, but it is still widely supported. Most browsers support SSL version 3.0 to try to mitigate bugs in HTTPS servers, and they generally retry failed connections using the SSL 3.0 protocol. An attacker can use this vulnerability to launch a POODLE attack. A POODLE attack can be targeted against any application or system that supports SSL 3.0 with ciphers operating in CBC mode.

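
As an added example (not part of the original article and not Zencart code), the following Python script audits web server TLS directives for the condition described above: SSL 3.0 still being enabled. The sample configurations are constructed, and Apache's "all" keyword is assumed to include SSLv3.

```python
import re

# Constructed sample configs (not taken from any real server).
SAMPLE_NGINX = """\
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;   # legacy line
}
"""
SAMPLE_APACHE = """\
# SSLProtocol all
SSLProtocol all -SSLv2
<VirtualHost *:443>
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
"""

# nginx "ssl_protocols" and Apache "SSLProtocol"; arguments stop at ';' or '#'.
DIRECTIVE = re.compile(r"^\s*(?:ssl_protocols|SSLProtocol)\s+([^;#]+)", re.IGNORECASE)
# Assumption: Apache's "all" is treated as including SSLv3 (conservative).
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}


def enabled_protocols(args):
    """Return the lower-cased protocol names a directive leaves enabled."""
    enabled = set()
    for tok in args.split():
        remove = tok.startswith("-")
        proto = tok.lstrip("+-").lower()
        names = ALL if proto == "all" else {proto}
        enabled = enabled - names if remove else enabled | names
    return enabled


def find_sslv3(config_text):
    """Return (line_number, line) for each active directive that leaves SSLv3 on."""
    hits = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)  # commented-out directives do not match
        if m and "sslv3" in enabled_protocols(m.group(1)):
            hits.append((n, line.strip()))
    return hits


if __name__ == "__main__":
    for label, text in (("nginx", SAMPLE_NGINX), ("apache", SAMPLE_APACHE)):
        for n, line in find_sslv3(text):
            print(f"{label}:{n}: SSLv3 enabled -> {line}")
```
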
The attack affects current web browsers, web servers, websites, applications or any software that uses a vulnerable SSL/TLS file for reference or implements an SSL/TLS suite itself. In a web-based scenario, exploiting the vulnerability exposes to the attacker security-sensitive data that is passed inside the encrypted web session, e.g. cookies, passwords or form data. On a larger scale, POODLE attacks can help gain access to authentication tokens, which in turn give complete access to the website by impersonation of any user, thereby giving