Exploit/Advisories
Published on October 26th, 2020 📆 | 2667 Views ⚑
0PDW File Browser 1.3 – ‘new_filename’ Cross-Site Scripting (XSS)
# Exploit Title: PDW File Browser < = v1.3 - Cross-Site Scripting (XSS)
# Date: 24-10-2020
# Exploit Author: David Bimmel
# Researchers: David Bimmel, Joost Vondeling, Ramòn Janssen
# Vendor Homepage: n/a
# Software Link: https://github.com/GuidoNeele/PDW-File-Browser
# Version: <=1.3
The PDW File Browser is a plugin for the TinyMCE and CKEditor WYSIWYG editors. The PDW File Browser contains a stored and Reflected XSS vulnerability which results in code execution within the browser of an authenticated user. This vulnerability can be exploited when an authenticated user visits the crafted URL (i.e. when phished or when visiting a website containing the URL).
Stored XSS:
The stored XSS is a result of insufficient input sanitization within the 'rename' functionality within the PDW file browser.
Below I have provided an example request were the filename (FILE.txt) is replaced with an XSS payload (
Gloss