# Exploit Title: phpSound Music Sharing Platform Multiple XSS Vulnerabilities
# Date: 08-10-2014
# Exploit Author: Halil Dalabasmaz
# Version: v1.0.5
# Vendor Link: http://codecanyon.net/item/phpsound-music-sharing-platform/9016117
# Software Test Link: http://phpsound.com/demo
 
# Vulnerabilities Description:
 
===Stored XSS===
Create a Playlist and then you can run any XSS payload on "Title" or "Description" input fields.
 
Sample Payload for Stored XSS: "><script>alert(document.cookie);</script>
 
Solution
Filter the input fields aganist to XSS attacks.
 
===
 
===Reflected XSS===
 
The URL parameter is "filter" not filtered.
 
http://server/path/index.php?a=explore&filter=XSS
 
Sample Payload for XSS: </title><script>alert(document.cookie);</script>
 
Solution
Filter the parameter aganist to XSS attacks.
===