what you don't know can hurt you

Phraseanet DAM Cross Site Scripting

Phraseanet DAM Cross Site Scripting
Posted May 28, 2019
Authored by Krzysztof Szulski

Phraseanet DAM versions prior to 4.0.7 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2f2edf53bb7455baf29f3ec724547715

Phraseanet DAM Cross Site Scripting

Change Mirror Download
# Exploit title: Stored XSS vulnerability in Phraseanet DAM Open Source software
# Date: 10/10/2018
# Exploit Author: Krzysztof Szulski
# Vendor Homepage: https://www.phraseanet.com
# Software Link (also VM): https://www.phraseanet.com/en/download/ # Version affected: 4.0.3 (4.0.4-dev) and below
# Version fixed: 4.0.7
# Proof of concept.

Phraseanet is an Open Source Digital Asset Management software distributed under GNU GPLV3 license.
Registered user (or even guest user, depends of configuration) can upload pictures, videos, pdfs or any other document.
A crafted file name for uploaded document leads to stored XSS. In simplest form the name of the file would be:
"><svg onload=alert(1)>.jpg
or:
"><svg onload=alert(document.cookie)>.jpg
Please notice that the file name should start from double quotation mark.
Once a picture will be uploaded it will pop up an alert window and keep popping up every time anybody will login to the website.
Another example of more malicious usage would be this file name:
"><svg onload=window.history.back()>.jpg
From now on every attempt to login will end up with redirection one step back - to login page.
Please be aware that this will not affect Chrome browser and other browsers built on chrome engine which has XSS filter built in.
Login or Register to add favorites

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close