Team Johnlong RaidenTunes 2.1.1 Remote Cross-Site Scripting Vulnerability
Title: Team Johnlong RaidenTunes 2.1.1 Remote Cross-Site Scripting Vulnerability
Advisory ID: ZSL-2010-4947
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 04.08.2010
[02.08.2010] - Initial contact with the vendor.
[02.08.2010] - Vendor replied asking for details.
[02.08.2010] - Sent PoC to vendor.
[02.08.2010] - Vendor confirms vulnerability.
[04.08.2010] - Vendor releases version 2.1.2 to address this issue.
[04.08.2010] - Public advisory released.
[2] http://www.exploit-db.com/exploits/14546/
[3] http://bbs.pediy.com/showthread.php?t=117945
[4] http://www.securelist.com/en/advisories/40837
[5] http://secunia.com/advisories/40837
[6] http://securityreason.com/exploitalert/8599
[7] http://osvdb.org/show/osvdb/66858
[8] http://xforce.iss.net/xforce/xfdb/60884
[9] http://www.securityfocus.com/bid/42167
[10] http://packetstormsecurity.org/filedesc/ZSL-2010-4947.txt.html
[11] http://archives.neohapsis.com/archives/secunia/current/0427.html
[05.08.2010] - Added reference [7] and [8]
[06.08.2010] - Added reference [9] and [10]
[27.08.2010] - Added reference [11]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2010-4947
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 04.08.2010
Summary
RaidenTunes is a Web server based + application software that allows You to setup an online music server quickly. It can scan the music folders in Your PC and organize them into a database, allowing users to connect to this server and browser/search and listen to the music easily. Interaction between users is also possible with built in message board for albums.Description
RaidenTunes 2.1.1 suffers from a Cross-Site Scripting (XSS) vulnerability caused by improper validation of user-supplied input by the music_out.php script thru "p" param. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site, allowing the attacker to steal the victim's cookie-based authentication credentials.Vendor
RaidenFTPDteam / Team Johnlong Software - RaidenTunes streaming serverAffected Version
2.1.1Tested On
Microsoft Windows XP Professional SP3 (English)Vendor Status
[02.08.2010] - Vulnerability discovered.[02.08.2010] - Initial contact with the vendor.
[02.08.2010] - Vendor replied asking for details.
[02.08.2010] - Sent PoC to vendor.
[02.08.2010] - Vendor confirms vulnerability.
[04.08.2010] - Vendor releases version 2.1.2 to address this issue.
[04.08.2010] - Public advisory released.
PoC
rtunes_xss.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] http://forum.raidenftpd.com/showflat.php?Cat=&Board=mp3&Number=51265&page=0&view=collapsed&sb=5&o=0&fpart=[2] http://www.exploit-db.com/exploits/14546/
[3] http://bbs.pediy.com/showthread.php?t=117945
[4] http://www.securelist.com/en/advisories/40837
[5] http://secunia.com/advisories/40837
[6] http://securityreason.com/exploitalert/8599
[7] http://osvdb.org/show/osvdb/66858
[8] http://xforce.iss.net/xforce/xfdb/60884
[9] http://www.securityfocus.com/bid/42167
[10] http://packetstormsecurity.org/filedesc/ZSL-2010-4947.txt.html
[11] http://archives.neohapsis.com/archives/secunia/current/0427.html
Changelog
[04.08.2010] - Initial release[05.08.2010] - Added reference [7] and [8]
[06.08.2010] - Added reference [9] and [10]
[27.08.2010] - Added reference [11]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk