[33034] in bugtraq
SnapStream PVS LITE Cross Site Scripting Vulnerabillity
daemon@ATHENA.MIT.EDU (Rafel Ivgi)
Wed Jan 7 15:12:37 2004
Message-ID: <004a01c3d4a9$38696a60$0b3016ac@fucku>
Reply-To: "Rafel Ivgi" <theinsider@012.net.il>
From: "Rafel Ivgi" <theinsider@012.net.il>
To: <bugtraq@securityfocus.com>
Date: Wed, 7 Jan 2004 01:02:55 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="windows-1255"
Content-Transfer-Encoding: 7bit
#######################################################################
Application: SnapStream PVS
Vendor : http://www.snapstream.com
Versions: LITE
Platforms: Windows/Unix
Bug: Cross Site Scripting Vulnerabillity
Risk: Low
Exploitation: Remote with browser
Date: 6 Jan 2004
Author: Rafel Ivgi, The-Insider
e-mail: the_insider@mail.com
web: http://theinsider.deep-ice.com
#######################################################################
1) Introduction
2) Bug
3) The Code
#######################################################################
===============
1) Introduction
===============
SnapStream PVS is a Personal Video Station software. It allows the user to
remotely
schedule recordings and playing of Tv shows using video tapes and cable TV.
#######################################################################
======
2) Bug
======
When the webserver hosting SnapStream PVS LITE recieves a
'GET /?<script>alert('XSS')</script>' its ignores it, the data gets filtered
as it should.
But when it recieves a 'GET /?"><script>alert('XSS')</script>' the filters
are bypassed
and XSS appears and the server allows an attacker to inject & execute
scripts.
#######################################################################
===========
3) The Code
===========
http://<host>/?"><script>alert('XSS')</script>
#######################################################################
---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com
"Things that are unlikeable, are NOT impossible."
