MusicBox cart.php Multiple Variable XSS

2006-03-18T07:01:03
ID OSVDB:23968
Type osvdb
Reporter Linux_Drox(Xx_HacK_xX_2004@HotMail.com)
Modified 2006-03-18T07:01:03

Description

Vulnerability Description

MusicBox contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'message' or 'message1' variables upon submission to the cart.php script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/music/cart/cart.php?message1='><script>alert(document.cookie)</script>
http://[target]/music/cart/cart.php?message='><script>alert(document.cookie)</script>
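To show the defect the description refers to and the fix a maintainer would apply, here is an added PHP illustration, not MusicBox's own code: a hypothetical cart.php fragment that reflects the 'message' parameter into a single-quoted input attribute, first unescaped and then encoded for that context. The markup layout and function names are assumptions.

```php
<?php
// Hypothetical reconstruction of the pattern the advisory describes;
// this is NOT the actual MusicBox cart.php source.

// Vulnerable: the query-string value is written straight into the page.
// A value starting with '> closes the attribute and the tag, so anything
// after it is parsed as new HTML (reflected XSS).
function render_message_vulnerable(array $get): string
{
    $message = $get['message'] ?? '';
    return "<input type='text' name='message' value='" . $message . "'>";
}

// Hardened: encode the value for the HTML attribute context before output.
// ENT_QUOTES matters here because the attribute is single-quoted and the
// reported probe begins with a single quote to break out of it; before
// PHP 8.1, htmlspecialchars() did not encode single quotes by default.
// ENT_SUBSTITUTE keeps invalid UTF-8 from silently emptying the output.
function render_message_hardened(array $get): string
{
    $message = $get['message'] ?? '';
    $safe = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='text' name='message' value='" . $safe . "'>";
}

// Constructed input modelled on the advisory's manual testing note.
$probe = ['message' => "'><script>alert(document.cookie)</script>"];

echo render_message_vulnerable($probe), PHP_EOL;
echo render_message_hardened($probe), PHP_EOL;
```

The same encoding applies to 'message1' and to every other reflected parameter; the fix is per output context, not per parameter name.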

References:

Vendor URL: http://www.musicboxv2.com/
Related OSVDB ID: 23967
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-03/0515.html
CVE ID: CVE-2006-1349
Bugtraq ID: 17149