You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our security team found a security issue inside Popcorn Time 0.4.7. We have reserved the CVE-2022-25229 to refer to this issue. Attached below is the link to our responsible disclosure policy.
Popcorn Time 0.4.7 has a Stored XSS in the Movies API Server(s) field via the settings page. The nodeIntegration configuration is set to on which allows the webpage to use NodeJs features, an attacker can leverage this to run OS commands.
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
CVSSv3 Base Score:
7.7
Steps to reproduce
Open the Popcorn time application.
Go to settings.
Enable Show advanced settings.
Scroll down to the API Server(s) section.
Insert the following PoC inside the Movies API Server(s) field and click on Check for updates.
Our security team found a security issue inside Popcorn Time 0.4.7. We have reserved the CVE-2022-25229 to refer to this issue. Attached below is the link to our responsible disclosure policy.
https://fluidattacks.com/advisories/policy
Bug description
Popcorn Time 0.4.7 has a Stored XSS in the
Movies API Server(s)
field via thesettings
page. ThenodeIntegration
configuration is set to on which allows the webpage to useNodeJs
features, an attacker can leverage this to run OS commands.CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
CVSSv3 Base Score:
7.7
Steps to reproduce
Open the Popcorn time application.
Go to
settings
.Enable
Show advanced settings
.Scroll down to the
API Server(s)
section.Insert the following PoC inside the
Movies API Server(s)
field and click onCheck for updates
.Scroll down to the
Database
section and click onExport database
.The application will create a
.zip
file with the current configuration.Send the configuration to the victim.
The victim must go to
Settings -> Database
and click onImport Database
When the victim restarts the application the XSS will be triggered and will run the
calc
command.Screenshots and files
System Information
The text was updated successfully, but these errors were encountered: