########################################################### [~] Exploit Title: Piwigo 2.5.3 CMS:Multiple vulnerability's [~] Author: sajith [~] version: Piwigo 2.5.3 [~]Vendor Homepage: http://piwigo.org [~] vulnerable app link:http://www.piwigo.org/basics/downloads ########################################################### [1] Stored XSS on Multiple parameters <1> click on Add photos ( http://127.0.0.1/cms/piwigo/admin.php?page=photos_add) and click on "create new album" in the album name enter the payload "> and save it we can see that our payload gets executed.we can also see that when you click on "albums" and "manage" functionality payload gets executed. <2>click on users > groups > in the "group name" field add above xss payload and click on save. [2] CSRF vulnerability click on >users >manage where "add a user " functionality can be exploited using CSRF vulnerability(poc shown below) POC by sajith shetty