The exploit demonstrates a CSRF vulnerability in NXFilter v3.0.3, allowing arbitrary actions such as adding users, modifying SMTP settings, and manipulating domain configurations via crafted HTML forms. It includes functional PoC code for multiple attack vectors, including persistent XSS.
Classification
Working Poc 95%
Attack Type
Csrf
Complexity
Trivial
Reliability
Reliable
Target:NXFilter v3.0.3
Auth required
Prerequisites:Victim must be authenticated and visit a malicious page