Related information

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)

XSS in PBLang 4.65 Profile.php/UCP.php

[SA17706] PHP-Post Cross-Site Scripting and Script Insertion Vulnerabilities

[SA17741] blogBuddies Cross-Site Scripting Vulnerabilities

[SA17736] SmartPPC Pro "username" Cross-Site Scripting Vulnerability

From:	r0t <krustevs_(at)_googlemail.com>
Date:	23.11.2005
Subject:	Tunez SQL and XSS vuln.

Tunez SQL and XSS vuln.
Vuln. dicovered by : r0t
Date 23 nov. 2005
Vendor:http://tunez.sourceforge.net/
Orginal advisory:http://pridels.blogspot.com/2005/11/tunez-sql-and-xss-vuln.html
affected version:Tunez 1.21 and prior


Vuln. Description:

1. SQL Injection
Input passed to the "song_id" parameter in "songinfo.php" isn't
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/songinfo.php?song_id=[SQL]

2. XSS
Input passed to the search parameters in "search.php" isn't properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.

example:
search.php?action=doSearch&searchFor=[XSS]&search_type=all


Solution:
Edit the source code to ensure that input is properly sanitised.


Greetings to : RaZbh,der4444,fredrau,waraxe,g0df4th3r,cembo!!!