RCE via FFmpeg Path Config and Stored XSS in Web Admin Panel

Critical Vulnerability Information Remote Code Execution (RCE) Severity: 9.1 (Critical) CVSS: 3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Exploitation Steps: 1. Log in with an administrator-privileged user. 2. Navigate to the admin settings page. 3. Click on the "Edit Settings" tab. 4. In the "FFmpeg Path" field, insert the following payload. Embed your IP address and port within the Base64-encoded string: 5. Click the first "Submit" button. The web application should send a request as shown in the following image: - (Image showing request and response packet) 6. On the attacker’s machine, start a listener: 7. Upload any short video using the built-in functionality to gain a shell. Stored Cross-Site Scripting (XSS) Severity: 9.1 (Critical) CVSS: 3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Exploitation Steps: 1. Log in with an administrator-privileged user. 2. Navigate to the admin settings page. 3. Click on the "Edit Settings" tab. 4. Click the first "Submit" button. 5. In Burp Suite, intercept the request, send it to the Repeater, and modify it as shown in the screenshot below: - (Screenshot of modified packet) 6. Insert the following payload in the "user_theme" parameter: 7. Navigate to the root page of the web application. ``` This concise Markdown version summarizes the key vulnerability details and exploitation steps.

Goal Reached Thanks to every supporter — we hit 100%!

RCE via FFmpeg Path Config and Stored XSS in Web Admin Panel