by r0t, der4444, cembo, VietMafia

Saturday, December 03, 2005

SiteBeater MP3 Catalog XSS vuln

Vuln. discovered by: r0t
Date: 3 Dec. 2005
Vendor: http://www.sitebeater.com/Radio/
Affected version: 2.03 and prior


Product Description:
MP3 upload, lightning fast ID3 tag reading or enter your own song data, CD purchase info, search, private, public or random playlists, multi-domain, load-balancing, multi-lingual, mailing lists, themes, user management, over 50 rights, and much more! Uses ASP & MSSQL.



Vuln. Description:
Input passed to the parameters in "Search.asp" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.



Solution:
Edit the source code to ensure that input is properly sanitised.
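As an added illustration of the flaw and its fix (example code, not SiteBeater's ASP source), the two functions below render a search results page that reflects the query term, once unencoded and once HTML-encoded. The parameter name "q" is a hypothetical stand-in, since the advisory does not name the affected parameters; in Classic ASP the equivalent of htmlEncode is Server.HTMLEncode applied to each reflected value.

```javascript
// Added example, not SiteBeater code. Parameter name "q" is hypothetical.

// Minimal HTML encoder covering the five characters that matter in HTML
// body and quoted-attribute contexts (the same set Server.HTMLEncode handles).
function htmlEncode(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable rendering: the raw query is concatenated into the page twice,
// once in element content and once inside a quoted attribute. Any markup
// or quote in the value becomes part of the document structure.
function renderSearchVulnerable(query) {
  return `<p>Results for: ${query}</p>` +
         `<input type="text" name="q" value="${query}">`;
}

// Hardened rendering: the same template, but every reflection of user input
// is encoded before it is written into the response.
function renderSearchHardened(query) {
  const safe = htmlEncode(query);
  return `<p>Results for: ${safe}</p>` +
         `<input type="text" name="q" value="${safe}">`;
}

// Regression check a defender can run against either renderer: does a query
// containing markup characters come back verbatim in the response body?
function reflectsRawMarkup(html, query) {
  return /[<>"']/.test(query) && html.includes(query);
}

// Constructed, harmless probe string used only to exercise the check.
const probe = '<i>probe</i>';
console.log('vulnerable reflects markup:', reflectsRawMarkup(renderSearchVulnerable(probe), probe)); // true
console.log('hardened reflects markup:  ', reflectsRawMarkup(renderSearchHardened(probe), probe));   // false
```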

Copyright (c) 2006 Pridels Sec Crew