| To: | bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk, vuln-dev@securityfocus.com, webappsec@securityfocus.com |
|---|---|
| Subject: | Nullsoft ShoutcastServer Persistant XSS - 0day |
| From: | SaMuschie <samuschie@yahoo.de> |
| Date: | Tue, 27 Feb 2007 21:42:37 +0100 (CET) |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| Domainkey-signature: | a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.de; h=Message-ID:X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=kS4O5md2lhO8X+a3lUIOY+062LSo0V4LkbnFfCxUA4AvcMsZi6K5xfJR+b9wHehg+kJH9kUNuzAUQNiQMTd1vwzo3OobJfq6iFDgn3/05vSQHDrcpg5GwazSD1ji2seEOmWSfq6lbX/J1IdPe4hiPrC9d3z/kmqkRmuz6mZgSkw= ; |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +--------------------------------------- - -- - | SaMuschie Research Labs proudly presents . . . +------------------------------------------- -- - - | Application: Nullsoft ShoutcastServer | Version: 1.9.7/Win32 (other versions/platforms not tested) | Vuln./Exploit Type: Persistant XSS | Status: -0day +----------------------------------------- -- - - | Discovered by: Muschiemann | Released: 20070227 | SaMuschie Release Number: 3 +------------------------------- - -- - It is possible to inject scriptcode into the applications logfile without authentication. Once the admin is viewing the logfile via the web interface, the scriptcode will be executed. e.g.: http://victim:8001/"/><script>alert(document.getElementsByTagName("PRE")[0].firstChild.data)</script> By abusing this vuln it is possible to send the complete logfile to an evil host. +----------------------------- -- - | Lameness Disclaimer +------------------------------------- - -- - - | SaMuschie Research Labs was found to publish | vulnerabilities within well known software products, | which are easy to discover and exploit. | | SaMuschie researchers just spend a minimum of time | and knowledge for each vulnerability. Hence readers of | this advisory are requested not to ask any questions | to the researchers.... they don't know the answer ;) +---------------------------------- - -- - - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) iD8DBQFF5H4RCrtcl+ifKZARAsHoAJ9xBhoq8tuX/I5mPU1OjmJbRJSPggCfTNFj 8kqRWw8smOdqvIoKPWTuZuA= =oALk -----END PGP SIGNATURE----- ___________________________________________________________ Der frühe Vogel fängt den Wurm. Hier gelangen Sie zum neuen Yahoo! Mail: http://mail.yahoo.de |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | WordPress Search Function SQL-Injection, SaMuschie |
|---|---|
| Next by Date: | iDefense Security Advisory 02.27.07: Computer Associates eTrust Intrusion Detection Denial of Service Vulnerability, iDefense Labs |
| Previous by Thread: | WordPress Search Function SQL-Injection, SaMuschie |
| Next by Thread: | iDefense Security Advisory 02.27.07: Computer Associates eTrust Intrusion Detection Denial of Service Vulnerability, iDefense Labs |
| Indexes: | [Date] [Thread] [Top] [All Lists] |