Team Johnlong RaidenTunes 2.1.1 Remote XSS Vulnerability
Posted on 03 August 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Team Johnlong RaidenTunes 2.1.1 Remote XSS Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>======================================================== Team Johnlong RaidenTunes 2.1.1 Remote XSS Vulnerability ======================================================== Title: Team Johnlong RaidenTunes 2.1.1 Remote Cross-Site Scripting Vulnerability Vendor: RaidenFTPDteam / Team Johnlong Software Product Web Page: http://www.raidentunes.com Summary: RaidenTunes is a Web server based + application software that allows You to setup an online music server quickly. It can scan the music folders in Your PC and organize them into a database, allowing users to connect to this server and browser/search and listen to the music easily. Interaction between users is also possible with built in message board for albums. Desc: RaidenTunes 2.1.1 suffers from a Cross-Site Scripting (XSS) vulnerability caused by improper validation of user-supplied input by the music_out.php script thru "p" param. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site, allowing the attacker to steal the victim's cookie-based authentication credentials. Affected Version: 2.1.1 Tested On: Microsoft Windows XP Professional SP3 (English) Vendor Status: [02.08.2010] - Vulnerability discovered. [02.08.2010] - Initial contact with the vendor. [02.08.2010] - Vendor replied asking for details. [02.08.2010] - Sent PoC to vendor. [02.08.2010] - Vendor confirms vulnerability. [04.08.2010] - Vendor releases version 2.1.2 to address this issue. [04.08.2010] - Public advisory released. Zero Science Lab Advisory ID: ZSL-2010-4947 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4947.php Vulnerability Discovered By: Gjoko 'LiquidWorm' Krstic liquidworm gmail com Zero Science Lab http://www.zeroscience.mk 02.08.2010 Proof Of Concept: http://192.168.17.19/music_out.php?p=29%27%3Cscript%3Ealert%28document.cookie%29%3C/script%3E http://192.168.17.19/music_out.php?p=%27%3Cscript%3Ealert%28document.cookie%29%3C/script%3E # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-03]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
