[Repost] Team Johnlong RaidenTunes 2.1.1 Remote Cross-Site Scripting Vulnerability
Posted: 2010-8-4 14:38

Title: Team Johnlong RaidenTunes 2.1.1 Remote Cross-Site Scripting Vulnerability  

Vendor: RaidenFTPDteam / Team Johnlong Software  

Summary: RaidenTunes is a Web server based + application software that allows You to set up an online music server quickly. It can scan the music folders in Your PC and organize them into a database, allowing users to connect to this server and browse/search and listen to the music easily. Interaction between users is also possible with built-in message board for albums.

   

Desc: RaidenTunes 2.1.1 suffers from a Cross-Site Scripting (XSS) vulnerability caused by improper validation of user-supplied input passed to the music_out.php script through the "p" parameter. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site, allowing the attacker to steal the victim's cookie-based authentication credentials.

   

Affected Version: 2.1.1  

   

Tested On: Microsoft Windows XP Professional SP3 (English)  

   

   

Vendor Status:  
[02.08.2010] - Vulnerability discovered.  
[02.08.2010] - Initial contact with the vendor.  
[02.08.2010] - Vendor replied asking for details.  
[02.08.2010] - Sent PoC to vendor.  
[02.08.2010] - Vendor confirms vulnerability.  
[04.08.2010] - Vendor releases version 2.1.2 to address this issue.  
[04.08.2010] - Public advisory released.  

   

   

Zero Science Lab Advisory ID: ZSL-2010-4947  

   

Vulnerability Discovered By: Gjoko 'LiquidWorm' Krstic  

liquidworm gmail com  

   

Zero Science Lab  

   

02.08.2010  

   

   

   

Proof Of Concept:  

   

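
The following is an added example, not RaidenTunes code and not part of the original advisory: it contrasts reflecting a query parameter into HTML unencoded with a hardened, output-encoded form, plus response settings that limit the cookie-theft impact the advisory describes. Only the script name music_out.php and the parameter "p" come from the advisory; the function names, the HTML template, the 255-byte cap and the use of PHP sessions are assumptions.

```php
<?php
// Added illustration: NOT RaidenTunes source code. The advisory only says that
// music_out.php mishandles the "p" parameter; everything else here is assumed.

// Vulnerable pattern (kept for comparison): request data concatenated into HTML.
function render_unsafe(array $query): string
{
    $p = $query['p'] ?? '';
    return '<div class="player">Now playing: ' . $p . '</div>';
}

// Hardened pattern: normalise the input, then encode for the HTML context.
function render_safe(array $query): string
{
    $p = $query['p'] ?? '';
    // A request such as ?p[]=x yields an array; treat anything non-string as empty.
    if (!is_string($p)) {
        $p = '';
    }
    // Drop ASCII control characters and cap the length (255 is an assumed limit).
    $p = preg_replace('/[\x00-\x1F\x7F]/', '', $p) ?? '';
    $p = substr($p, 0, 255);
    // ENT_QUOTES encodes both quote styles, so the value is also safe inside a
    // quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
    // returning an empty string.
    $encoded = htmlspecialchars($p, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="player">Now playing: ' . $encoded . '</div>';
}

// Defense in depth against the impact named in the advisory (cookie theft).
// Call before session_start() and before any output is sent.
function harden_response(): void
{
    // Assumes the application authenticates with a PHP session cookie.
    ini_set('session.cookie_httponly', '1');
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
    header('X-Content-Type-Options: nosniff');
}

// Constructed sample input: harmless markup characters in "p".
$sample = ['p' => '"><b>x</b>'];
echo render_unsafe($sample), PHP_EOL; // markup reaches the page as markup
echo render_safe($sample), PHP_EOL;   // markup is delivered as inert text
```

Output encoding is the actual fix for reflected input; the HttpOnly flag and the Content-Security-Policy header only reduce what a missed injection point can reach.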
