It is possible to inject scriptcode into the applications logfile without
authentication. Once the admin is viewing the logfile via the web interface,
the scriptcode will be executed.
By abusing this vuln it is possible to send the complete logfile to an evil host.
+----------------------------- -- -
| Lameness Disclaimer
+------------------------------------- - -- - -
| SaMuschie Research Labs was found to publish
| vulnerabilities within well known software products,
| which are easy to discover and exploit.
|
| SaMuschie researchers just spend a minimum of time
| and knowledge for each vulnerability. Hence readers of
| this advisory are requested not to ask any questions
| to the researchers.... they don't know the answer ;)
+---------------------------------- - -- - -
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
___________________________________________________________
Der frühe Vogel fängt den Wurm. Hier gelangen Sie zum neuen Yahoo! Mail: http://mail.yahoo.de
Hash: SHA1
+--------------------------------------- - -- -
| SaMuschie Research Labs proudly presents . . .
+------------------------------------------- -- - -
| Application: Nullsoft ShoutcastServer
| Version: 1.9.7/Win32 (other versions/platforms not tested)
| Vuln./Exploit Type: Persistant XSS
| Status: -0day
+----------------------------------------- -- - -
| Discovered by: Muschiemann
| Released: 20070227
| SaMuschie Release Number: 3
+------------------------------- - -- -
It is possible to inject scriptcode into the applications logfile without
authentication. Once the admin is viewing the logfile via the web interface,
the scriptcode will be executed.
e.g.:
http://victim:8001/"/><script>alert(document.getElementsByTagName("PRE")
[0].firstChild.data)</script>
By abusing this vuln it is possible to send the complete logfile to an evil host.
+----------------------------- -- -
| Lameness Disclaimer
+------------------------------------- - -- - -
| SaMuschie Research Labs was found to publish
| vulnerabilities within well known software products,
| which are easy to discover and exploit.
|
| SaMuschie researchers just spend a minimum of time
| and knowledge for each vulnerability. Hence readers of
| this advisory are requested not to ask any questions
| to the researchers.... they don't know the answer ;)
+---------------------------------- - -- - -
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
iD8DBQFF5H4RCrtcl+ifKZARAsHoAJ9xBhoq8tuX/I5mPU1OjmJbRJSPggCfTNFj
8kqRWw8smOdqvIoKPWTuZuA=
=oALk
-----END PGP SIGNATURE-----
___________________________________________________________
Der frühe Vogel fängt den Wurm. Hier gelangen Sie zum neuen Yahoo! Mail: http://mail.yahoo.de
[ reply ]