Type of vulnerability: CSRF (Cross-Site Request Forgery)
Version: v1.0
Discovered by: Noth
Author: Noth
Description:
Pixelimity CMS is vulnerable to persistent Cross-Site Request Forgery attacks, which allow malicious users to inject HTML or scripts and forge user permissions to operate.
Affected software: Pixelimity CMS
Vulnerable URL:
http://127.0.0.1/pixelimity-dev/admin/setting.php
Vulnerable parameter:
password
Proof of Concept:
Log in as admin.

Locate URL - http://127.0.0.1/pixelimity-dev/admin/setting.php

Use Burp Suite to intercept packets.

Original password: 123456
PoC Payload:

Later password: 456789
The password can be changed successfully!
Test Video :
https://drive.google.com/file/d/1rKXgv5wBTyBqyC_52LMLGZEpp8OfsaE-/view?usp=sharing
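
A mitigation sketch for the password-change request described above, as an added example that is not part of the original report and not Pixelimity's own code. The helper names and the `csrf_token` and `current_password` fields are hypothetical; only the `password` parameter and the two sample passwords come from the report.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helpers, not Pixelimity's actual code.

// Return the per-session CSRF token, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Constant-time comparison of the submitted token against the session token.
function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Decide whether a password-change POST may proceed.
// $storedHash is the admin's current hash as produced by password_hash().
function handle_password_change(array $session, array $post, string $storedHash): array
{
    if (!csrf_valid($session, $post)) {
        return ['ok' => false, 'status' => 403, 'error' => 'invalid CSRF token'];
    }
    // Re-authenticate: a cross-site request cannot supply the current password.
    $current = $post['current_password'] ?? '';
    if (!is_string($current) || !password_verify($current, $storedHash)) {
        return ['ok' => false, 'status' => 403, 'error' => 'current password incorrect'];
    }
    $new = $post['password'] ?? '';
    if (!is_string($new) || $new === '') {
        return ['ok' => false, 'status' => 400, 'error' => 'new password missing'];
    }
    return ['ok' => true, 'status' => 200, 'hash' => password_hash($new, PASSWORD_DEFAULT)];
}

// Constructed demo: a request carrying only the new password, then a legitimate one.
$session = [];
$token = csrf_token($session);
$stored = password_hash('123456', PASSWORD_DEFAULT);
$forged = ['password' => '456789'];
$legit = ['password' => '456789', 'current_password' => '123456', 'csrf_token' => $token];
var_dump(handle_password_change($session, $forged, $stored)['status']);
var_dump(handle_password_change($session, $legit, $stored)['status']);
```

In a real handler `$session` and `$post` would be `$_SESSION` and `$_POST`, and the token would be emitted as a hidden field in the settings form. Setting the session cookie's `SameSite` attribute is a complementary control.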