A Remote Code Execution (RCE) vulnerability exists in pixelimity via admin/admin-ajax.php?action=install_theme. #24

Open
@tuando243

Description

A Remote Code Execution (RCE) vulnerability exists in pixelimity via admin/admin-ajax.php?action=install_theme.

Steps to exploit:

  1. Log in as admin.
  2. Navigate to http://127.0.0.1/pixelimity/admin/themes.php.
  3. Compress "shell.php" to "shell.zip" file and then upload via Install New Theme.
  4. Visit http://127.0.0.1/pixelimity/themes/shell.php.

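One way to vet an uploaded theme archive before it is extracted, as an added example that is not Pixelimity's code or part of the original report: it rejects files at the archive root (the case in step 3), path traversal, and any file outside an extension allowlist. The function name, the allowlist and the single-folder rule are assumptions; if themes must ship PHP templates, an extension check alone cannot make theme upload safe.

```php
<?php
// Added example, not Pixelimity code. The extension allowlist and the
// "everything inside one theme folder" rule are assumed policy.
const ALLOWED_EXT = ['css', 'js', 'png', 'jpg', 'jpeg', 'gif', 'txt'];

/** Returns a list of problems; an empty list means the archive may be extracted. */
function validate_theme_archive(string $zipPath): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        return ['not a readable ZIP archive'];
    }
    $problems = [];
    $roots = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if ($name === false || $name === '') {
            $problems[] = "entry $i: unreadable name";
            continue;
        }
        $parts = explode('/', $name);
        // Absolute paths, backslashes and ".." can escape the target directory.
        if ($name[0] === '/' || strpos($name, '\\') !== false || in_array('..', $parts, true)) {
            $problems[] = "$name: unsafe path";
            continue;
        }
        // A root-level file would be written directly into themes/.
        if (count($parts) < 2) {
            $problems[] = "$name: file at archive root";
            continue;
        }
        $roots[$parts[0]] = true;
        if (substr($name, -1) === '/') {
            continue; // directory entry
        }
        $suffixes = array_slice(explode('.', strtolower(end($parts))), 1);
        $last = end($suffixes);
        // Check every suffix: "x.php.jpg" may still reach the PHP handler on some servers.
        if ($last === false || !in_array($last, ALLOWED_EXT, true)
            || preg_grep('/^ph(p\d*|tml|ar|t)$/', $suffixes)) {
            $problems[] = "$name: file type not allowed";
        }
    }
    $zip->close();
    if (count($roots) > 1) {
        $problems[] = 'more than one top-level folder';
    }
    return $problems;
}
```

Call it on the uploaded temporary file and extract only when the returned list is empty; an archive holding a single root-level `shell.php` is reported as `shell.php: file at archive root`.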
