Team Johnlong RaidenTunes 2.1.1 Cross Site Scripting

`  
  
  
Title: Team Johnlong RaidenTunes 2.1.1 Remote Cross-Site Scripting Vulnerability  
  
  
  
Vendor: RaidenFTPDteam / Team Johnlong Software  
  
Product Web Page: http://www.raidentunes.com  
  
Summary: RaidenTunes is a Web server based + application software that  
allows You to setup an online music server quickly. It can scan the music  
folders in Your PC and organize them into a database, allowing users to  
connect to this server and browser/search and listen to the music easily.  
Interaction between users is also possible with built in message board for  
albums.  
  
Desc: RaidenTunes 2.1.1 suffers from a Cross-Site Scripting (XSS) vulnerability  
caused by improper validation of user-supplied input by the music_out.php  
script thru "p" param. A remote attacker could exploit this vulnerability  
to execute script in a victim's Web browser within the security context of  
the hosting Web site, allowing the attacker to steal the victim's cookie-based  
authentication credentials.  
  
Affected Version: 2.1.1  
  
Tested On: Microsoft Windows XP Professional SP3 (English)  
  
  
Vendor Status: [02.08.2010] - Vulnerability discovered.  
[02.08.2010] - Initial contact with the vendor.  
[02.08.2010] - Vendor replied asking for details.  
[02.08.2010] - Sent PoC to vendor.  
[02.08.2010] - Vendor confirms vulnerability.  
[04.08.2010] - Vendor releases version 2.1.2 to address this issue.  
[04.08.2010] - Public advisory released.  
  
  
Zero Science Lab Advisory ID: ZSL-2010-4947  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4947.php  
  
  
Vulnerability Discovered By: Gjoko 'LiquidWorm' Krstic  
liquidworm gmail com  
  
Zero Science Lab  
http://www.zeroscience.mk  
  
02.08.2010  
  
  
  
Proof Of Concept:  
  
http://192.168.17.19/music_out.php?p=29%27%3Cscript%3Ealert%28document.cookie%29%3C/script%3E  
http://192.168.17.19/music_out.php?p=%27%3Cscript%3Ealert%28document.cookie%29%3C/script%3E  
`