Audiogalaxy & SID Links

Discussion in 'OT Technology' started by LiQuiD_FuSioN, Feb 15, 2006.

  1. LiQuiD_FuSioN

    http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-11/0240.html

    From: John Scimone <[email protected]>
    To: [email protected]
    Subject: Re: Audiogalaxy again (Cross Site Scripting Vuln)
    Date: Wed, 28 Nov 2001 16:51:21 -0500
    Message-Id: <[email protected]>

    I just took a 2 second look at audiogalaxy for other ways to get this
    plaintext cookie and realized that they probably have numerous cross site
    scripting problems being such a dynamic site. Some parsing appears to be
    done on user input however this user search script looks partially vulnerable
    so you don't have to worry about IE bugs and can grab linux user's names and
    passwords also. I'm sure there are others just by looking at their site
    layout but I don't have the time to mess with it. (No! :wtc:)


    Ex:
    http://www.audiogalaxy.com/user/userSearch.php?SID=34b1859xxxxx0da9ff0cbxxxxx&userSearch=foo%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%3C%22bar&searchOption=exact

    (Copy & paste this link to try it out! or click here: http://tinyurl.com/csagt)

    (Must be logged in to try - Username: treemonkey59, Password: stevebrown11)


    Like Michael stated in an earlier bugtraq post users should choose their
    passwords wisely and not use the same password for hotmail and mp3 sharing
    sites as they do to pay their bills online.


    John Scimone
    CS Major @ Ga Tech

    ....

    So, John Scimone found a way to display our own login details on our own computer. Even though AG is long dead, I'm studying PHP and the way it works. How would I be able to view another person's login just as you were able to look at your own login details (being treemonkey's account) with the same type of link? How would I edit this link so I can view another user's login details or is it even possible at all?
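The reflected parameter in the advisory's example URL, seen from the server side: this added example is not part of the original thread and is not Audiogalaxy's code. It shows the unescaped echo that lets the `userSearch` value break out of an attribute, next to the output-encoded form and a session cookie that carries no credentials. The function names, the `<input>` markup and the cookie attributes are assumptions made for illustration.

```php
<?php
// Added example: a hypothetical reconstruction, not Audiogalaxy's actual code.
// Function names and the markup are assumptions made for illustration.

// Vulnerable pattern: the search term is echoed into an attribute unescaped,
// so a double quote in the input ends the attribute and starts new markup.
function render_search_box_unsafe(string $term): string
{
    return '<input type="text" name="userSearch" value="' . $term . '">';
}

// Hardened pattern: encode for the HTML attribute context on output.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8.
function render_search_box_safe(string $term): string
{
    $encoded = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="userSearch" value="' . $encoded . '">';
}

// Cookie hardening: the cookie carries an opaque random token, never the
// username or password, and HttpOnly keeps it out of document.cookie.
function session_cookie_header(): string
{
    $token = bin2hex(random_bytes(32)); // maps to server-side session state
    return 'Set-Cookie: SID=' . $token . '; Path=/; Secure; HttpOnly; SameSite=Lax';
}

// The userSearch value from the advisory's example URL, URL-decoded.
$term = urldecode(
    'foo%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%3C%22bar'
);

$unsafe = render_search_box_unsafe($term);
$safe   = render_search_box_safe($term);

echo "unsafe: {$unsafe}\n";
echo "safe:   {$safe}\n";
echo session_cookie_header(), "\n";

// Regression check: the raw <script> tag must not survive encoding.
if (strpos($safe, '<script>') !== false || strpos($unsafe, '<script>') === false) {
    fwrite(STDERR, "encoding check failed\n");
    exit(1);
}
echo "encoding check passed\n";
```

Run it with the PHP command-line interpreter; with encoding applied the browser receives the search term as inert text inside the `value` attribute, and with `HttpOnly` set the cookie is not readable from page script at all.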
     