by r0t, der4444, cembo, VietMafia

Wednesday, November 23, 2005

Tunez SQL and XSS vuln.

Vuln. discovered by: r0t
Date: 23 Nov. 2005
Vendor: http://tunez.sourceforge.net/
Affected version: Tunez 1.21 and prior


Vuln. Description:

1. SQL Injection
Input passed to the "song_id" parameter in "songinfo.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/songinfo.php?song_id=[SQL]

2. XSS
Input passed to the search parameters in "search.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

example:
search.php?action=doSearch&searchFor=[XSS]&search_type=all


Solution:
Edit the source code to ensure that input is properly sanitised.
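
One way to apply this fix, as an added example that is not Tunez code or part of the original advisory: validate "song_id" as a positive integer and bind it as a query parameter, and HTML-encode the search term on output. The "songs" table, its columns and both function names are hypothetical, and the request values are constructed.

```php
<?php
// Added example: hardened handling of the two inputs named in the advisory.
// The schema (table "songs", columns "song_id"/"title") is hypothetical, not Tunez's own.

function fetch_song(PDO $db, $rawSongId): ?array
{
    // song_id should be a positive integer; reject anything else before touching SQL.
    $id = filter_var($rawSongId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Bound parameter: the value is never concatenated into the query text.
    $stmt = $db->prepare('SELECT song_id, title FROM songs WHERE song_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function render_search_heading(string $rawSearchFor): string
{
    // Encode on output so the echoed search term is rendered as text, not markup.
    $safe = htmlspecialchars($rawSearchFor, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Results for "' . $safe . '"</h2>';
}

// Constructed sample data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE songs (song_id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO songs VALUES (1, 'First track'), (2, 'Second track')");

// Constructed request values standing in for $_GET['song_id'] and $_GET['searchFor'].
foreach (['2', '2 OR 1=1', '-5', 'abc'] as $songId) {
    $row = fetch_song($db, $songId);
    printf("song_id=%-12s => %s\n", var_export($songId, true), $row ? $row['title'] : 'rejected');
}
echo render_search_heading('<script>alert(1)</script>'), "\n";
```

Only the first constructed value returns a row; the other three are rejected before any query runs, and the search term is emitted with its angle brackets encoded as entities.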

Copyright (c) 2006 Pridels Sec Crew