Keene Digital Media Server mediashowplay.kspx Multiple Variable XSS

2004-09-02T08:05:26
ID OSVDB:9516
Type osvdb
Reporter Dr_insane(dr_insane@pathfinder.gr)
Modified 2004-09-02T08:05:26

Description

Vulnerability Description

Keene Digital Media Server contains a flaw that allows a remote cross site scripting attack. The flaw exists because the application does not validate the "pic" and "idx" variables upon submission to the mediashowplay.kspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Keene Digital Media Server contains a flaw that allows a remote cross site scripting attack. The flaw exists because the application does not validate the "pic" and "idx" variables upon submission to the mediashowplay.kspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/dms/mediashowplay.kspx?pic=[code]&idx=0 http://[victim]/dms/mediashowplay.kspx?pic=0&idx=[code]

References:

Vendor URL: http://www.keenesoftware.com/html/dms.html Security Tracker: 1011156 Secunia Advisory ID:12423 Related OSVDB ID: 9514 Related OSVDB ID: 9518 Related OSVDB ID: 9515 Related OSVDB ID: 9517