Netjuke 1.0-rc2 - sql injection & XSS

2007.09.12

Credit: cod3in

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2007-4811 | CVE-2007-4810

CWE: CWE-79

The Netjuke is a Web-Based Audio Streaming Jukebox powered by PHP 4, a database and all the MP3, Ogg Vorbis and other format files that constitute your digital music collection. Supports images, language packs, multi-level security, random playlists, etc
http://sourceforge.net/projects/netjuke
===================================
/explore.php?do=list.artists&ge_id=SQL
/xml.php?do=show.tracks&id=SQL
/alphabet.php?do=alpha.albums&val=XSS
/random.php/XSS
/admin/hidden.php/XSS

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Netjuke 1.0-rc2 - sql injection & XSS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.