← Advisories

Team Johnlong RaidenTunes 2.1.1 Remote Cross-Site Scripting Vulnerability

Medium

Advisory ID

ZSL-2010-4947

Release Date

04 August 2010

Vendor

RaidenFTPDteam / Team Johnlong Software - RaidenTunes streaming server

Affected Version

2.1.1

CVE

N/A

Tested On

Microsoft Windows XP Professional SP3 (English)

Summary

RaidenTunes is a Web server based + application software that allows You to setup an online music server quickly. It can scan the music folders in Your PC and organize them into a database, allowing users to connect to this server and browser/search and listen to the music easily. Interaction between users is also possible with built in message board for albums.

Description

RaidenTunes 2.1.1 suffers from a Cross-Site Scripting (XSS) vulnerability caused by improper validation of user-supplied input by the music_out.php script thru "p" param. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site, allowing the attacker to steal the victim's cookie-based authentication credentials.

Proof of Concept

rtunes_xss.txtTXT

Disclosure Timeline

02.08.2010- Vulnerability discovered.

02.08.2010- Initial contact with the vendor.

02.08.2010- Vendor replied asking for details.

02.08.2010- Sent PoC to vendor.

02.08.2010- Vendor confirms vulnerability.

04.08.2010- Vendor releases version 2.1.2 to address this issue.

04.08.2010- Public advisory released.

Credits

Vulnerability discovered by Gjoko Krstic