04 August, 2010

Team Johnlong RaidenTunes 2.1.1 Remote Cross-Site Scripting Vulnerability

Title: Team Johnlong RaidenTunes 2.1.1 Remote Cross-Site Scripting Vulnerability

Vendor: RaidenFTPDteam / Team Johnlong Software

Product Web Page: http://www.raidentunes.com

Summary: RaidenTunes is a Web server based + application software that
allows You to setup an online music server quickly. It can scan the music
folders in Your PC and organize them into a database, allowing users to
connect to this server and browser/search and listen to the music easily.
Interaction between users is also possible with built in message board for

Desc: RaidenTunes 2.1.1 suffers from a Cross-Site Scripting (XSS) vulnerability
caused by improper validation of user-supplied input by the music_out.php
script thru "p" param. A remote attacker could exploit this vulnerability
to execute script in a victim's Web browser within the security context of
the hosting Web site, allowing the attacker to steal the victim's cookie-based
authentication credentials.

Affected Version: 2.1.1

Tested On: Microsoft Windows XP Professional SP3 (English)

Vendor Status: [02.08.2010] - Vulnerability discovered.
[02.08.2010] - Initial contact with the vendor.
[02.08.2010] - Vendor replied asking for details.
[02.08.2010] - Sent PoC to vendor.
[02.08.2010] - Vendor confirms vulnerability.
[04.08.2010] - Vendor releases version 2.1.2 to address this issue.
[04.08.2010] - Public advisory released.

Zero Science Lab Advisory ID: ZSL-2010-4947
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4947.php

Vulnerability Discovered By: Gjoko 'LiquidWorm' Krstic
liquidworm gmail com

Zero Science Lab


Proof Of Concept:


No comments: