SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (username) Stored Cross-Site Scripting
Vendor: SOUND4 Ltd.
Product web page: https://www.sound4.com | https://www.sound4.biz
Affected version: FM/HD Radio Processing:
                  Impact/Pulse/First (Version 2: 1.1/2.15)
                  Impact/Pulse/First (Version 1: 2.1/1.69)
                  Impact/Pulse Eco 1.16
                  Voice processing:
                  BigVoice4 1.2
                  BigVoice2 1.30
                  Web-Audio Streaming:
                  Stream 1.1/2.4.29
                  Watermarking:
                  WM2 (Kantar Media) 1.11
Summary: SOUND4 IMPACT is an ingenious process that combines mono and stereo sound. To achieve
perfect stereo processing, each part of the signal is processed individually, giving consistency
in both sound quality and level. In mobile reception, where the FM receiver switches from mono to
stereo and back again, the sound and level must stay consistent; the stereo expander, an option in
the SOUND4 IMPACT processing chain, reduces the volume and sound variation by more than 90%,
basically without limitations. SOUND4 PULSE is a powerful and versatile product that offers
advanced functionality and gives clients the best price-performance ratio. It is more than a
processor: it is flexible and powerful, fully compatible with radio broadcasting standards, and
can be used for streaming, DAB and FM simultaneously. SOUND4 FIRST offers all of the essential
functions you require from a high-performance FM/HD processor at an affordable price. It is
designed to produce high-quality sound with 2-band processing, a digital stereo generator and
the IMPACT clipper.
Desc: The application suffers from an unauthenticated stored XSS vulnerability. The issue is
triggered when input passed via the 'username' parameter is not properly sanitized before being
stored and returned to the user; because the injection point is the login form itself, no
credentials are required. This can be exploited to execute arbitrary HTML and script code in a
user's browser session in the context of an affected site.
Tested on: Apache/2.4.25 (Unix)
           OpenSSL/1.0.2k
           PHP/7.1.1
           GNU/Linux 5.10.43 (armv7l)
           GNU/Linux 4.9.228 (armv7l)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Macedonian Information Security Research and Development Laboratory
Zero Science Lab - https://www.zeroscience.mk - @zeroscience

Advisory ID: ZSL-2022-5731
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5731.php

26.09.2022
—
POST HTTP/1.1
username="><script>confirm(251)</script>&password=zeroscience
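To show why the 'username' value in the PoC above escapes its attribute context and how output encoding for that context neutralizes it, here is an added Python example; it is not code from the advisory or from the vendor's product. The two rendering functions, the login-log lines and the detection regex are assumptions constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Payload from the advisory's PoC: closes the value="" attribute, then injects a tag.
POC_USERNAME = '"><script>confirm(251)</script>'

# Constructed sample login-log lines (not from the advisory); the second carries the PoC.
SAMPLE_LOG = [
    "login fail ip=192.0.2.10 username=operator",
    'login fail ip=192.0.2.55 username="><script>confirm(251)</script>&password=zeroscience',
]

def render_unsafe(username):
    """Vulnerable pattern (assumed): the stored username is interpolated raw into an attribute."""
    return f'<input name="username" value="{username}">'

def render_safe(username):
    """Hardened form: encode for the attribute context (quote=True also encodes " and ')."""
    return f'<input name="username" value="{html.escape(username, quote=True)}">'

class _ScriptCounter(HTMLParser):
    """Counts the <script> elements a browser's parser would actually see."""
    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1

def count_script_elements(markup):
    parser = _ScriptCounter()
    parser.feed(markup)
    parser.close()
    return parser.scripts

# Detection: a quote followed by '>' (attribute break-out) or a tag opener in the username.
_INJECTION = re.compile(r'["\']\s*>|<\s*/?\s*[a-z]', re.IGNORECASE)

def flag_suspicious_usernames(log_lines):
    """Return the raw username values in login-log lines that look like markup injection."""
    hits = []
    for line in log_lines:
        m = re.search(r"username=([^&\s]*)", line)
        if m and _INJECTION.search(unquote(m.group(1))):
            hits.append(m.group(1))
    return hits
```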